I've run into something most unusual in my proxy cache from last night:

This was what appeared if I used my proxy to view www.google.com. It *could* be that my proxy cache was hacked, or some kind of dns spoofing/corruption occurred between here and there. But has anyone else heard/seen this?

Ping for www.google.com resolves to 216.239.33.101 - from the proxy console.

The google site with a black background and the text

Touch by cassablanca
Gratz To
s2c botaks [M2C] Junkist DewaLangit SpaceGhostz Ghostz bagan Escuver frozenghost Gir4ff3 AxAL
#IndoHackerLInkat_private #AntiHackerLinkat_private #RealCyberat_private

I've included the source as follows... It doesn't look all that clean.

-April Johnson (CISSP, MCSE, CCNP)
Network Operations - Security
Seattle Public Schools
apjohnsonat_private
206.252.0353

"Give a kid a fish, and he eats for a day; teach a kid to fish, and he eats for a lifetime."

----------------------------------------------------------------------------
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD><TITLE>Touch By cassablanca</TITLE>
<META http-equiv=Content-Type content="text/html; charset=windows-1252">
<"CHECK_FOR_VIRUSES"_STYLE
.F1 { FILTER: glow(Color=#FF8000,Strength=10); WIDTH: 250px; HEIGHT: 200px }
.F2 { FILTER: glow(Color=#00FF00,Strength=10); WIDTH: 250px; HEIGHT: 200px }
.F3 { FILTER: glow(Color=#0080FF,Strength=10); WIDTH: 250px; HEIGHT: 200px }
></"CHECK_FOR_VIRUSES"_STYLE>
<"CHECK_FOR_VIRUSES"_SCRIPT language=JavaScript>
<!-- Original: CodeLifter.com (supportat_private) -->
<!-- Web Site: http://www.codelifter.com -->
<!-- This script and many more are available free online at -->
<!-- The JavaScript Source!! http://javascript.internet.com -->
<!-- Begin
var rate = 1000
// do not edit below this line
var i = 0;
var F = 'F1';
function doThing() {
  if (document.getElementById&&document.all) {
    ok = true;
    i++;
    if (i==1) F = 'F1';
    if (i==2) F = 'F2';
    if (i==3) F = 'F3';
    YammaYamma.className = F;
    if (i > 2) i = 0;
    timer = setTimeout('doThing()', rate);
  }
}
// End -->
</"CHECK_FOR_VIRUSES"_SCRIPT>
<META content="Microsoft FrontPage 5.0" name=GENERATOR></HEAD>
<BODY text="#ffffff" bgColor="#000000" "CHECK_FOR_VIRUSES"_onload="doThing()"><!-- STEP THREE: Copy this code into the BODY of your HTML document -->
<CENTER>
<TABLE cellSpacing=0 cellPadding=10 width=401 height="69">
<TBODY>
<TR>
<TD width="401" height="69">
<CENTER><FONT face="Monotype Corsiva" color=#ffffff>
<P id=YammaYamma><B><font size="7">Touch by </font> </B></FONT><B> <font size="7" face="Monotype Corsiva" color="#ffffff">cassablanca</font></B><FONT face=Courier color=#ffffff size=10> </P></FONT></CENTER></TD></TR></TBODY></TABLE></CENTER>
<P align="center"><B><FONT face=Terminal color=#00ff00 size=5>Gratz To</FONT></B></P>
<P align="center"><FONT face="Comic Sans MS" color=#ff0000 size=4>s2c botaks [M2C] Junkist DewaLangit SpaceGhostz Ghostz bagan Escuver frozenghost Gir4ff3 AxAL</FONT></P>
<P align="center"><FONT face="Monotype Corsiva" color=#ff0000 size=5><FONT color=#ffffff></a></a></FONT> </font><FONT face="Monotype Corsiva" size=5>#IndoHackerLInkat_private</font></a></a> </FONT> </font> <font face="Monotype Corsiva" size="5"> #AntiHackerLinkat_private #RealCyberat_private</A></font><font face="Monotype Corsiva" color="#ff0000" size="5"></HTML><font face="Monotype Corsiva" size="5"></a></font></font></P>
<!-- text below generated by server. PLEASE REMOVE -->
</"CHECK_FOR_VIRUSES"_object></"CHECK_FOR_VIRUSES"_layer></div></span></"CHECK_FOR_VIRUSES"_style></noscript></table></"CHECK_FOR_VIRUSES"_script></apple t>
<"CHECK_FOR_VIRUSES"_script language="JavaScript" src="http://us.i1.yimg.com/us.yimg.com/i/mc/mc.js"></"CHECK_FOR_VIRUSES"_script>
<"CHECK_FOR_VIRUSES"_script language="JavaScript" src="http://domainpending.com/js_source/geov2.js"></"CHECK_FOR_VIRUSES"_script>
<"CHECK_FOR_VIRUSES"_script language="javascript">geovisit();</"CHECK_FOR_VIRUSES"_script>
<noscript><img src="http://visit.webhosting.yahoo.com/visit.gif?us1040932987" border=0 width=1 height=1></noscript>
<IMG SRC="http://geo.yahoo.com/serv?s=76001085&t=1040932987" ALT=1 WIDTH=1 HEIGHT=1>
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Tue Jan 07 2003 - 14:18:03 PST
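
A triage step for a captured page like the one in the message above, as an added example that is not part of the original post: it lists every host the page pulls resources from that is not under the domain the proxy was asked for, which helps establish where a cached copy actually came from. The function names and the `expected_domain` parameter are assumptions of this example; the sample input is an excerpt of the source quoted in the post.

```python
import re
from urllib.parse import urlsplit

# Excerpt of the page source quoted in the post. Tag names appear there
# rewritten with a "CHECK_FOR_VIRUSES" prefix and are left as posted.
CAPTURED = '''
<"CHECK_FOR_VIRUSES"_script language="JavaScript" src="http://us.i1.yimg.com/us.yimg.com/i/mc/mc.js"></"CHECK_FOR_VIRUSES"_script>
<"CHECK_FOR_VIRUSES"_script language="JavaScript" src="http://domainpending.com/js_source/geov2.js"></"CHECK_FOR_VIRUSES"_script>
<noscript><img src="http://visit.webhosting.yahoo.com/visit.gif?us1040932987" border=0 width=1 height=1></noscript>
<IMG SRC="http://geo.yahoo.com/serv?s=76001085&t=1040932987" ALT=1 WIDTH=1 HEIGHT=1>
'''

# Match on attributes rather than on tags, so rewritten or malformed tag
# names do not hide a reference. Quotes around the value are optional.
URL_ATTR = re.compile(r'\b(?:src|href)\s*=\s*["\']?(https?://[^\s"\'<>]+)', re.I)


def same_site(host, expected):
    """True when host is the expected domain or one of its subdomains."""
    host, expected = host.lower().rstrip("."), expected.lower().rstrip(".")
    return host == expected or host.endswith("." + expected)


def foreign_references(html, expected_domain):
    """Map each off-site host referenced by src/href to the URLs that use it."""
    found = {}
    for url in URL_ATTR.findall(html):
        host = urlsplit(url).hostname
        if host and not same_site(host, expected_domain):
            found.setdefault(host, []).append(url)
    return found


if __name__ == "__main__":
    # The proxy was asked for www.google.com, so google.com is the baseline.
    for host, urls in sorted(foreign_references(CAPTURED, "google.com").items()):
        print(f"{host}: {len(urls)} reference(s)")
        for u in urls:
            print("   ", u)
```

Run against the full cached object rather than the excerpt, the same check can be repeated for each suspect entry in the proxy cache.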