[ISN] Fluffi Bunni Places Ads At Security Site

From: InfoSec News (isnat_private)
Date: Fri Nov 30 2001 - 04:17:24 PST

  • Next message: InfoSec News: "[ISN] From the L0pht to the West Wing."

    By Brian McWilliams, Newsbytes
    29 Nov 2001, 4:29 PM CST
    Banner ads promoting a notorious group of computer attackers known as
    Fluffi Bunni today appeared at SecurityFocus.com, after the hackers
    compromised a server operated by the leading security firm's
    advertising partner.
    The ad banner depicted the hacking group's mascot, a pink stuffed toy
    rabbit, and the words "You think you know? You have no idea," and was
    signed "Security Fluffi."
    According to SecurityFocus Vice President of Engineering Alfred Huger,
    the attackers breached the ad serving system operated by Thruport
    Technologies at around 7 a.m. E.S.T. The bogus ads appeared on various
    pages of the SecurityFocus site for a period of several hours before
    the security firm modified the code in its Web pages and began serving
    its own ads, Huger said.
    Thruport officials did not respond to interview requests. According to
    the company's Web site, Thruport offers software applications to
    commercial portal owners, corporate Websites and Internet service
    providers. Among the firm's products is an ad serving technology
    called AdJuggler.
    A directory at Thruport's site containing ad banners displayed at the
    SecurityFocus site was still browsable this afternoon. Among the
    banners were several copies of the one created by Fluffi Bunni,
    according to Jay Dyson, an independent security consultant, who
    categorized the breach as a "subversion of information" attack.
    "This definitely ranks as one of the more elegant attacks I've seen in
    a while. This wasn't the product of an impulsive act. It was carried
    out with patience, perseverance, and a healthy dose of panache," said
    According to Huger, Fluffi Bunni apparently exploited a recently
    publicized vulnerability in OpenSSH, an authentication technology, to
    take control of the Thruport server. At no time did the attackers
    directly penetrate the security of the SecurityFocus site, he said.
    "I'm thrilled that they didn't actually break into our site. We get a
    lot of people knocking around our network all the time and I guess
    they found a weak link with the banners. It's mostly just an
    inconvenience," said Huger.
    In addition to providing information security consulting services,
    SecurityFocus publishes numerous information resources, including the
    popular Bugtraq mailing list.
    SecurityFocus is the latest of several high-profile security-related
    organizations recently targeted by Fluffi Bunni. Last July, the
    attackers defaced a site operated by the SANS Institute, a security
    training and information organization, as well as the home page of
    Attrition.org, a security information site.
    A mirror of the Fluffi Bunni ad is at
    http://defaced.alldas.de/mirror/2001/11/29/www.securityfocus.com .
    SecurityFocus is online at http://www.securityfocus.com .
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.

    This archive was generated by hypermail 2b30 : Fri Nov 30 2001 - 06:32:43 PST