To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
----------

Just ran across this mess yesterday, so this is bleeding edge news as far as I can tell, as I don't see any other reference to it yet and I haven't gone public yet.

Lots of references in Google about individual sites being hacked, but I don't think they know the extent of the problem:

http://www.google.com/search?hl=en&q=apollohosting+hacked

Please note that these types of hackers don't seem to infect every account on the server, they just infect a chunk of them based on some unknown criteria, so it's hit and miss which domains are infected. Perhaps individual accounts were hacked, but I don't think so, as I've seen this same type of thing on iPowerWeb: random sites, some servers had more sites infected, others just a few, who knows why.

Here are a few examples, view the HTML source to see all the embedded pharma ads, typically at the bottom of the page:

secure1.apollohosting.com
http://whois.webhosting.info/206.125.215.251?pi=4&ob=SLD&oo=ASC
view-source:http://oceancyclery.com/
view-source:http://oldpeking.com/

secure2.apollohosting.com
http://whois.webhosting.info/206.125.215.252
view-source:http://911lens.com/
view-source:http://altonaequipment.com/

secure4.apollohosting.com
http://whois.webhosting.info/206.125.215.254
View the source on any domain in the list, not all are infected but it's a more heavily server wide infestation...

Another site on their box appears to maybe have an injector script:
view-source:http://lookoutinc.com/ (don't go to domain with JS enabled)

So on and so forth, you get the idea.

I just spot checked 5 servers, but based on what I've run across in the past it's probably on all shared servers.

--
Bill Atchison
http://www.crawlwall.com

_______________________________________________
All list and server information are public and available to law enforcement upon request.
http://www.whitestar.linuxbox.org/mailman/listinfo/botnets