Kenneth,

These are insidious hackers!

I did what you said and I am getting an exact duplicate of our web site! They have probably infiltrated the system and are using this to capture our customers' login information and passing it back to them encrypted! I can't believe this!

I've already called a local consulting firm and they will be doing an eval this Thursday of our security measures that we've taken. Then, I am going to call the webmaster I just fired over this back in and have him sit in front of their report and see if he has anything to say for himself. Hah!

Also, right before I wrote this message I blocked port 443 in and out on our firewall at the bank! I will be going over these servers very carefully tonight to look for anything wacky or goofy.

--------
Mr. Billy B. Bilano, MSCE, CCNA
<http://www.bilano.biz/>
Expert Sysadmin Since 2003!
'C:\WINDOWS, C:\WINDOWS\GO, C:\PC\CRAWL' -- RMS

----- Original Message -----
From: "Ng, Kenneth (US)" <[EMAIL PROTECTED]>
To: "'Billy B. Bilano'" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Tuesday, June 08, 2004 1:51 PM
Subject: RE: [Full-Disclosure] Possible First Crypto Virus Definitely Discovered!

> Question is, are you supposed to have a SSL server on that box? If so,
> that's what it is. If not, then you definitely have a problem. Try
> connecting to that box with the URL you normally use, just use "https"
> instead of "http". If you get the "normal" page, then someone turned on
> https without realizing it. If you get something different, then you
> investigate.
>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
