Re: What does this haxker code do?
Marc Perkel wrote on 2013-05-04 07:38:

> Here's some code I extracted from a hacked web site. I don't know what it does but I think it might spread viruses. I'd like to see if anyone understands it. It was added at the beginning of a wordpress site in the wp-config.php file. I noticed that it pulled data and redirected to various hacker sites. Maybe we could use it to get a list and blacklist the hackers' domains?

wordpress it is, and it is dropped by security on gentoo, but one of my webhosters says if users want it let them have it even if it contains security bugs like hell

want to help? create clamav signatures for the url in this javascript url, and scan email with it

-- 
senders that put my email into body content will deliver it to my own trashcan, so if you like to get reply, don't do it
Fwd: [SURBL-Announce] MW malware sublist added to multi, replaces OB
http://lists.surbl.org/pipermail/announce/2013-May/000209.html

Date: Wed, 1 May 2013 05:54:48 -0700
To: SURBL Announce annou...@lists.surbl.org
Subject: [SURBL-Announce] MW malware sublist added to multi, replaces OB

As announced last October, malware data has been moved from PH to a new list MW, taking the bit of OB, which was deprecated last year. Along with malware data, limited set of cracked hosts also has been moved from PH to MW, in part because cracked sites often have or can have malware on them.

The bitmask bit 16 therefore is no longer used by OB, but is used by MW now. Please update configurations appropriately. For example in SpamAssassin, change:

    urirhssub  URIBL_OB_SURBL  multi.surbl.org.  A  16
    body       URIBL_OB_SURBL  eval:check_uridnsbl('URIBL_OB_SURBL')
    describe   URIBL_OB_SURBL  Contains an URL listed in the OB SURBL blocklist
    tflags     URIBL_OB_SURBL  net
    reuse      URIBL_OB_SURBL
    score      URIBL_OB_SURBL  0 0.785 0 0.122

to:

    urirhssub  URIBL_MW_SURBL  multi.surbl.org.  A  16
    body       URIBL_MW_SURBL  eval:check_uridnsbl('URIBL_MW_SURBL')
    describe   URIBL_MW_SURBL  Contains an URL listed in the MW SURBL blocklist
    tflags     URIBL_MW_SURBL  net
    reuse      URIBL_MW_SURBL
    score      URIBL_MW_SURBL  0 0.001 0 0.610

Please direct followup discussion to the SURBL Discussion list.
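The configuration change requested in the announcement above, as an added example that is not part of the original messages or of SURBL's or SpamAssassin's own tooling: a Python check that finds local urirhssub rules still labelled OB while testing bit 16 of multi.surbl.org, and renames them to MW. The sample rules file is constructed and the function names are hypothetical.

```python
import re

MW_BIT = 16  # per the announcement: bit 16 on multi.surbl.org is now MW, formerly OB

# Constructed sample: a local rules file that still carries the pre-change OB rule.
SAMPLE_CF = """\
urirhssub  URIBL_OB_SURBL  multi.surbl.org.  A  16
body       URIBL_OB_SURBL  eval:check_uridnsbl('URIBL_OB_SURBL')
describe   URIBL_OB_SURBL  Contains an URL listed in the OB SURBL blocklist
score      URIBL_OB_SURBL  0 0.785 0 0.122
urirhssub  URIBL_PH_SURBL  multi.surbl.org.  A  8
"""

URIRHSSUB = re.compile(r"^\s*urirhssub\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s*$")


def find_stale_ob_rules(cf_text):
    """Names of urirhssub rules that test bit 16 of multi.surbl.org but are still named OB."""
    stale = []
    for line in cf_text.splitlines():
        m = URIRHSSUB.match(line.split("#", 1)[0])  # ignore trailing comments
        if not m:
            continue
        name, zone, rtype, subtest = m.groups()
        if zone.rstrip(".").lower() != "multi.surbl.org" or rtype.upper() != "A":
            continue
        if not subtest.isdigit():  # dotted-quad subtests are exact matches, not bitmasks
            continue
        if int(subtest) & MW_BIT and "_OB_" in name.upper():
            stale.append(name)
    return stale


def migrate(cf_text):
    """Rename stale OB rules and their descriptions to MW; scores are left for the admin."""
    for old in find_stale_ob_rules(cf_text):
        new = re.sub("_OB_", "_MW_", old, flags=re.I)
        cf_text = re.sub(rf"\b{re.escape(old)}\b", new, cf_text)
        cf_text = re.sub(rf"^([ \t]*describe[ \t]+{re.escape(new)}[ \t].*)\bOB\b",
                         r"\1MW", cf_text, flags=re.M)
    return cf_text


def answer_has_mw(a_record):
    """True if a multi.surbl.org A answer (127.0.0.x) has the MW bit set."""
    octets = a_record.split(".")
    return octets[:3] == ["127", "0", "0"] and bool(int(octets[3]) & MW_BIT)
```

The score line is deliberately not rewritten, since the announcement's new scores are a policy choice to review rather than a rename.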
Re: .pw / Palau URL domains in spam
On Wed, 1 May 2013, doneshlaher wrote:

> Hello Axb,
>
> Thank you for providing with the domain names. We will be suspending all these reported domain names. However, in the mean time may I know what kind of spams have been received?? Also can you please forward us the email headers of few of the reported domain names. This would help us to analyse the headers and understand, whether we the account is compromised or not.
>
> Regards
> Donesh Laher
> Cyber Security Analyst
> .PW Registry

Donesh,

How many dozen spams a day would you like to receive? Should I send them to your personal address or is there some other reporting address I should use?

We are not a large site (only a few thousand users) but in the past few weeks have been receiving hundreds of spams a day advertising .pw domains.

Here's a partial list of some of the past 3 days' worth: (this list would be much larger except that I've been black-listing the IP addresses of their hosting providers as fast as I can identify them)

-- 
Dave Funk                               University of Iowa
dbfunk (at) engineering.uiowa.edu       College of Engineering
319/335-5751   FAX: 319/384-0549        1256 Seamans Center
Sys_admin/Postmaster/cell_admin         Iowa City, IA 52242-1527
#include std_disclaimer.h
Better is not better, 'standard' is better. B{