[LACNIC/Seguridad] [Fwd: Re: [ii] Phishing site]
Martin Aberastegue
xyborg en gmail.com
Thu Jun 12 11:38:23 BRT 2008
I've sent an email to the admins of the domain colonia.gub.uy. It
seems to be a remote file inclusion vulnerability in the script they are
using.

On 6/12/08, Antonio Montes <antonio.montes en cenpra.gov.br> wrote:
> Carlos,
>
> Could you please forward the enclosed information to the appropriate
> response group in Uruguay.
>
> Thanks,
> Antonio
>
> Looks like they stuck it in a 'fotos' directory they created:
>
> Hxxp://www.colonia.gub.uy/fotos/video_amador.exe
>
> It seems dropping malware on government websites is getting more and more
> popular. Anyone have a contact in .uy?
>
> Looks like the malware tries to grab
> hxxp://www.fazendasabia.com.br/imagens/kl.jpg but is getting a 403 back
> from the server.
>
>
> Steven
>
> -----Original Message-----
> From: Antonio Montes [mailto:antonio.montes en cenpra.gov.br]
> Sent: Thursday, June 12, 2008 9:10 AM
> To: ii en npogroups.org
> Subject: [ii] Phishing site
>
> Live phishing site:
>
> http://tinyurl.com/3knprz ->
> http://www.colonia.gub.uy/video_amador.exe
>
> video_amador.exe:
> md5: ad981f08340b5e4efef520779e72de16
>
> Cheers,
>
> Antonio
> ____________________________________________________________
> You received this message as a subscriber on the list:
> ii en npogroups.org
> To be removed from the list, send any message to:
> ii-unsubscribe en npogroups.org
>
> For all list information and functions, see:
> http://npogroups.org/lists/info/ii
--
Martin Aberastegue
http://www.rzw.com.ar