http://www.newsbytes.com/news/01/172554.html

By Brian McWilliams, Newsbytes
ALEXANDRIA, VIRGINIA, U.S.A., 29 Nov 2001, 4:29 PM CST

Banner ads promoting a notorious group of computer attackers known as Fluffi Bunni today appeared at SecurityFocus.com, after the hackers compromised a server operated by the leading security firm's advertising partner.

The ad banner depicted the hacking group's mascot, a pink stuffed toy rabbit, and the words "You think you know? You have no idea," and was signed "Security Fluffi."

According to SecurityFocus Vice President of Engineering Alfred Huger, the attackers breached the ad serving system operated by Thruport Technologies at around 7 a.m. E.S.T.

The bogus ads appeared on various pages of the SecurityFocus site for a period of several hours before the security firm modified the code in its Web pages and began serving its own ads, Huger said.

Thruport officials did not respond to interview requests. According to the company's Web site, Thruport offers software applications to commercial portal owners, corporate Websites and Internet service providers. Among the firm's products is an ad serving technology called AdJuggler.

A directory at Thruport's site containing ad banners displayed at the SecurityFocus site was still browsable this afternoon. Among the banners were several copies of the one created by Fluffi Bunni, according to Jay Dyson, an independent security consultant, who categorized the breach as a "subversion of information" attack.

"This definitely ranks as one of the more elegant attacks I've seen in a while. This wasn't the product of an impulsive act. It was carried out with patience, perseverance, and a healthy dose of panache," said Dyson.

According to Huger, Fluffi Bunni apparently exploited a recently publicized vulnerability in OpenSSH, an authentication technology, to take control of the Thruport server. At no time did the attackers directly penetrate the security of the SecurityFocus site, he said.

"I'm thrilled that they didn't actually break into our site. We get a lot of people knocking around our network all the time and I guess they found a weak link with the banners. It's mostly just an inconvenience," said Huger.

In addition to providing information security consulting services, SecurityFocus publishes numerous information resources, including the popular Bugtraq mailing list.

SecurityFocus is the latest of several high-profile security-related organizations recently targeted by Fluffi Bunni. Last July, the attackers defaced a site operated by the SANS Institute, a security training and information organization, as well as the home page of Attrition.org, a security information site.

A mirror of the Fluffi Bunni ad is at http://defaced.alldas.de/mirror/2001/11/29/www.securityfocus.com .

SecurityFocus is online at http://www.securityfocus.com .