[LACNIC/Seguridad] [Fwd: Re: [ii] Phishing site]

Martin Aberastegue xyborg en gmail.com
Jue Jun 12 11:38:23 BRT 2008 

I've sent an email to the admins of the domain colonia.gub.uy. It
seems to be remote file inclusion vulnerability on the script they are
using.


On 6/12/08, Antonio Montes <antonio.montes en cenpra.gov.br> wrote:
> Carlos,
>
>  Could you please forward the enclosed information to the appropriate
> response group in Uruguay.
>
>  Thanks,
>  Antonio
>
> Looks like they stuck it in the a 'fotos' directory they created:
>
>  Hxxp://www.colonia.gub.uy/fotos/video_amador.exe
>
>  It seems dropping malware on government websites is getting more and more
>  popular.  Anyone have a contact in .uy?
>
>  Looks like the malware tries to grab
>  hxxp://www.fazendasabia.com.br/imagens/kl.jpg but is
> getting a 403 back from
>  the server.
>
>
>  Steven
>
>  -----Original Message-----
>  From: Antonio Montes [mailto:antonio.montes en cenpra.gov.br]
>  Sent: Thursday, June 12, 2008 9:10 AM
>  To: ii en npogroups.org
>  Subject: [ii] Phishing site
>
>  Live phishing site:
>
>  http://tinyurl.com/3knprz ->
> http://www.colonia.gub.uy/video_amador.exe
>
>  video_amador.exe:
>  md5: ad981f08340b5e4efef520779e72de16
>
>  Cheers,
>
>  Antonio
> ____________________________________________________________
>  You received this message as a subscriber on the list:
>      ii en npogroups.org
>  To be removed from the list, send any message to:
>      ii-unsubscribe en npogroups.org
>
>  For all list information and functions, see:
>      http://npogroups.org/lists/info/ii
>
> ____________________________________________________________
>  You received this message as a subscriber on the list:
>      ii en npogroups.org
>  To be removed from the list, send any message to:
>      ii-unsubscribe en npogroups.org
>
>  For all list information and functions, see:
>      http://npogroups.org/lists/info/ii
>
>
>
>  --
>  No virus found in this incoming message.
>  Checked by AVG.
>  Version: 7.5.524 / Virus Database: 270.3.0/1499 - Release Date: 12/06/2008
> 07:13
>
>
>
> _______________________________________________
>  Seguridad mailing list
>  Seguridad en lacnic.net
>  https://mail.lacnic.net/mailman/listinfo/seguridad
>
>


-- 
Martin Aberastegue
http://www.rzw.com.ar

Más información sobre la lista de distribución Seguridad