On Wed, 14 Feb 2007, Jeremy Epstein wrote:
> There was also a really entertaining presentation from Patrick Petersen of
> IronPort at RSA, in which he mentioned use of defaced web sites as proxy
> forwarders for spammers. According to the presentation, the spammers have a
> fairly sophisticated toolkit that takes over the site and turns it into a
> pharmacy (or whatever) redirect site. A different goal from the Websense
> presentation, but still a purpose other than simple defacement.

Indeed. I can post some screenshots of some of these tools if you are
interested in them. Anon remailers, spam tools, etc.

More and more spam is being sent using web servers. I am looking for
someone to volunteer to create SpamAssassin rules based on how these tools
send mail.

You can find my writeup and link to article on this subject here:
http://blogs.securiteam.com/index.php/archives/815

Gadi.

>
> --Jeremy
>
> > -----Original Message-----
> > From: Gadi Evron [mailto:ge@xxxxxxxxxxxx]
> > Sent: Monday, February 12, 2007 11:17 AM
> > To: php-wars@xxxxxxxxxxxxxxxxxxxxxx
> > Cc: botnets@xxxxxxxxxxxxxxxxxxxxxx;
> > full-disclosure@xxxxxxxxxxxxxxxxx; bugtraq@xxxxxxxxxxxxxxxxx
> > Subject: defacements for the installation of malcode
> >
> > Websense just released a blog post on how sites get defaced
> > for malicious purposes other than the defacement itself, such
> > as installing malicious software on visiting users.
> >
> > This is yet another layer of abuse of web server attack platforms.
> >
> > You can find their post here:
> > http://www.websense.com/securitylabs/blog/blog.php?BlogID=109
> >
> > Gadi.
> >
>