[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Full-Disclosure] Name One Web Site Compromised by Download.Ject?

To: edge@xxxxxxxxxxx, full-disclosure@xxxxxxxxxxxxxxxx
Subject: RE: [Full-Disclosure] Name One Web Site Compromised by Download.Ject?
From: "Carlos Kramer" <csk_1975@xxxxxxxxxxx>
Date: Wed, 30 Jun 2004 15:16:26 +0000

If you use google/altavista et al to search for some of the more obvious
parts of the javascript a few come up, for example "function gc099":-

www.bifconference.com/bif2002/newsroom/Dunn_synop.rtf www.biketas.org.au/BikeTas/ meetings/2001-10-02-minutes.txt www.planetkc.com/sloth/sci/blklst.txt englishrosesuites.com/style.css www.nf.crimestoppers.ca/1992/92-93-11 www.afz.ch/Vereinigung/Accueil/ Association/Welcome/Examinations/rev.tabelleen.rtf etc, etc, etc...

and although this one isn't infected its pretty funny to read:-

www.milonic.com/mfa/2004-June/004443.html

From: "Edge, Ronald D" <edge@xxxxxxxxxxx>
To: <full-disclosure@xxxxxxxxxxxxxxxx>
Subject: [Full-Disclosure] Name One Web Site Compromised by Download.Ject?
Date: Wed, 30 Jun 2004 08:39:32 -0500

From the latest issue of:
************************************************************************
*
SANS NewsBites                June 30, 2004               Vol. 6, Num.
26
************************************************************************
*
Legal liability question:  Has anyone contacted an attorney yet about
damage done by either of these two possibly negligent actions: (1) the
Wittie worm when the security software vendor may have allowed many
customers to have their systems disabled because selected users may not
have gotten the patch for weeks after it was ready, or (2) Download.Ject
damage done to consumers - through loss of identity data and banking
passwords -- by infected web sites that apparently did not tell their
clients that the site was infected?  If you have gotten legal advice
about these, please let us know by emailing info@xxxxxxxx with subject
"legal liability."
================================

So here was my email to SANS:

What I want to know is where the heck are the publicized identies of the
supposedly many major web sites that were infecting their
customers/visitors??

I have rarely seen such an obvious massive hush job and coverup. I have
searched the news articles on Download.Ject and to date I have not found
a SINGLE EXPOSED IDENTITY of a web site.

I have pointed this out to a well known IT journalist I correspond with
by email regularly, and he replied that he thinks it is definitely a
story worth pursuing.

I frankly am appalled that not a single site has been named, at least
not to my knowlege, and I have TRIED to find one named in the news
online.

Ron.

Ronald D. Edge
Director of Information Systems
Indiana University Intercollegiate Athletics
edge@xxxxxxxxxxx  (812)855-9010
http://iuhoosiers.com

Corporate IT's reaction to spyware has been surprising: it's been
largely swept under the rug. The problem is that you can't hide an
elephant by sweeping it under the rug. It leaves quite a bulge.


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

_________________________________________________________________ MSN Movies - Trailers, showtimes, DVD's, and the latest news from Hollywood! http://movies.msn.click-url.com/go/onm00200509ave/direct/01/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Prev by Date: Re: [Full-Disclosure] PIX vs CheckPoint
Next by Date: Re: [Full-Disclosure] IE Web Browser: "Sitting Duck"
Previous by thread: RE: [Full-Disclosure] Name One Web Site Compromised by Download.Ject?
Next by thread: RE: [Full-Disclosure] Name One Web Site Compromised by Download.Ject?
Index(es):
- Date
- Thread