> We have since upgraded, but among our new users over the last few days > have been a Weber361, a Weber395, and a nderevyanko. > Googling the last user name, I've found 4,900 referencesâmost with > guestbooks or forumsâto which nderevyanko has signed up. He has been > preceded by a few Webers, and some Irenas, often citing that > killhim.boom.ru is their home page.
I also noticed that the "nderevyanko" user has put up a number of posts to sites with the same text: http://nderevyanko.narod.ru/ greets you. Came into my website! My site is better then this one! I'll give you free money! *OR* http://softexpert.atspace.com tell you about Egypt pyramids! My ICQ : 294168488 Contact me asap! I'll give you a free gift! A good example: - http://proxy2.de/guestbook/ Another chunk of similar posts look like this: (From http://www.hermit.com/guestbook/guestbook.html ) http://softexpert.atspace.com tell you about Egypt pyramids! My ICQ : 294168488 Contact me asap! I'll give you a free gift! http://softexpert.atspace.com tell you about Egypt pyramids! My ICQ : 294168488 Contact me asap! I'll give you a free gift! nDerevyanko <[EMAIL PROTECTED]> NY, NY USA - Friday, December 24, 2004 at 09:31:44 (EST) http://nderevyanko.narod.ru/ greets you. Came into my website! My site is better then this one! I'll give you free money! http://nderevyanko.narod.ru/ greets you. Came into my website! My site is better then this one! I'll give you free money! nderevyanko <[EMAIL PROTECTED]> NY, NY USA - Friday, December 24, 2004 at 08:51:27 (EST) http://nderevyanko.narod.ru/ greets you. Came into my website! My site is better then this one! I'll give you free money! http://nderevyanko.narod.ru/ greets you. Came into my website! My site is better then this one! I'll give you free money! nderevyanko <[EMAIL PROTECTED]> NY, NY USA - Friday, December 24, 2004 at 08:51:17 (EST) http://nderevyanko.narod.ru/ greets you. Came into my website! My site is better then this one! I'll give you free money! http://nderevyanko.narod.ru/ greets you. Came into my website! My site is better then this one! I'll give you free money! nderevyanko <[EMAIL PROTECTED]> NY, NY USA - Friday, December 24, 2004 at 08:51:16 (EST) There is obviously something not right about this user. It could be a spam bot hoping to create Google spam to the website. It could be related to the exploits. I haven't visited the listed website(s) yet to see what they hold. Maybe tomorrow. =) -- Peace. ~G On Sat, 25 Dec 2004 18:54:17 -0500, Jack Yan <[EMAIL PROTECTED]> wrote: > Dear Full-Disclosure members: > > I am not a computer expert, just a regular Joe who hopes this information > may be useful to you. > We are running phpBB and last week, a DoS attack was launched against us. > We have since upgraded, but among our new users over the last few days > have been a Weber361, a Weber395, and a nderevyanko. > Googling the last user name, I've found 4,900 referencesâmost with > guestbooks or forumsâto which nderevyanko has signed up. He has been > preceded by a few Webers, and some Irenas, often citing that > killhim.boom.ru is their home page. > I have heard that there is a phpBB worm doing the rounds over the > holidays, and wonder if this is related in some way. > My hosting company recommended this list and I hope members, being far > better versed on these matters than me, can get word out. > Other than the frequency with which the Webers and nderevyanko have > signed up to thousands of sites over the last few days, I've no proof that > they are maliciousâbut since the DoS attack I am on alert. > I hope this information is useful and that this has been a post that's > considered on-topic. > > Yours sincerely, > > Jack Yan, LL B, BCA (Hons.), MCA <http://jackyan.com> > CEO, Jack Yan & Associates <http://jya.net/> > CEO, Lucire LLC <http://www.lucire.net> > > Lucire, the global fashion magazine: <http://www.lucire.com> > Visit Beyond Branding, <http://www.beyond-branding.com>âin its second > printing > > ---------- > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
