Your proxy was probably hacked, not google's. -- Rory Savage, Senior Systems Administrator Nando Media: www.nandomedia.com email: rsavageat_private aol im (PiasElihU) 919-836-5987 (Office) On Tue, 7 Jan 2003, Johnson, April wrote: > I've run into something most unusual in my proxy cache from last night: This > was what appeared if I used my proxy to view www.google.com. It *could* be > that my proxy cache was hacked, or some kind of dns spoofing/corruption > occured between here and there. But has anyone else heard/seen this? > > Ping for www.google.com resolves to 216.239.33.101 - from the proxy console. > > The google site with a black background and the text > > Touch by cassablanca > > > Gratz To > > s2c botaks [M2C] Junkist DewaLangit SpaceGhostz Ghostz bagan Escuver > frozenghost Gir4ff3 AxAL > > #IndoHackerLInkat_private #AntiHackerLinkat_private #RealCyberat_private > > > I've included the source as follows... It doesn't look all that clean. > > > -April Johnson (CISSP, MCSE, CCNP) > Network Operations - Security > Seattle Public Schools > apjohnsonat_private > 206.252.0353 > > "Give a kid a fish, and he eats for a day; teach a kid to fish, and he eats > for a lifetime." > > ---------------------------------------------------------------------------- > - > > > > > > <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> > <HTML><HEAD><TITLE>Touch By cassablanca</TITLE> <META > http-equiv=Content-Type content="text/html; charset=windows-1252"> > <"CHECK_FOR_VIRUSES"_STYLE .F1 { > FILTER: glow(Color=#FF8000,Strength=10); WIDTH: 250px; HEIGHT: 200px > } .F2 { > FILTER: glow(Color=#00FF00,Strength=10); WIDTH: 250px; HEIGHT: 200px > } .F3 { > FILTER: glow(Color=#0080FF,Strength=10); WIDTH: 250px; HEIGHT: 200px > } ></"CHECK_FOR_VIRUSES"_STYLE> > > <"CHECK_FOR_VIRUSES"_SCRIPT language=JavaScript> > <!-- Original: CodeLifter.com (supportat_private) --> > <!-- Web Site: http://www.codelifter.com --> > > <!-- This script and many more are available free online at --> > <!-- The JavaScript Source!! http://javascript.internet.com --> > > <!-- Begin > var rate = 1000 > // do not edit below this line > var i = 0; > var F = 'F1'; > function doThing() { > if (document.getElementById&&document.all) { > ok = true; > i++; > if (i==1) F = 'F1'; > if (i==2) F = 'F2'; > if (i==3) F = 'F3'; > YammaYamma.className = F; > if (i > 2) i = 0; > timer = setTimeout('doThing()', rate); > } > } > // End --> > </"CHECK_FOR_VIRUSES"_SCRIPT> > <META content="Microsoft FrontPage 5.0" name=GENERATOR></HEAD> <BODY > text="#ffffff" bgColor="#000000" "CHECK_FOR_VIRUSES"_onload="doThing()"><!-- STEP THREE: Copy this > code into the BODY of your HTML document --> <CENTER> <TABLE cellSpacing=0 > cellPadding=10 width=401 height="69"> > <TBODY> > <TR> > <TD width="401" height="69"> > <CENTER><FONT face="Monotype Corsiva" color=#ffffff> > <P id=YammaYamma><B><font size="7">Touch by </font> </B></FONT><B> > <font size="7" face="Monotype Corsiva" > color="#ffffff">cassablanca</font></B><FONT face=Courier color=#ffffff > size=10> > </P></FONT></CENTER></TD></TR></TBODY></TABLE></CENTER> > <P align="center"><B><FONT face=Terminal color=#00ff00 size=5>Gratz > To</FONT></B></P> <P align="center"><FONT face="Comic Sans MS" color=#ff0000 > size=4>s2c botaks > [M2C] Junkist DewaLangit SpaceGhostz Ghostz bagan Escuver frozenghost > Gir4ff3 > AxAL</FONT></P> > <P align="center"><FONT face="Monotype Corsiva" color=#ff0000 size=5><FONT > color=#ffffff></a></a></FONT> > </font><FONT face="Monotype Corsiva" > size=5>#IndoHackerLInkat_private</font></a></a> </FONT> </font> <font > face="Monotype Corsiva" size="5"> #AntiHackerLinkat_private > #RealCyberat_private</A></font><font face="Monotype Corsiva" color="#ff0000" > size="5"></HTML><font face="Monotype Corsiva" > size="5"></a></font></font></P><!-- text below generated by server. PLEASE > REMOVE > --></"CHECK_FOR_VIRUSES"_object></"CHECK_FOR_VIRUSES"_layer></div></span></"CHECK_FOR_VIRUSES"_style></noscript></table></"CHECK_FOR_VIRUSES"_script></apple > t><"CHECK_FOR_VIRUSES"_script language="JavaScript" > src="http://us.i1.yimg.com/us.yimg.com/i/mc/mc.js"></"CHECK_FOR_VIRUSES"_script><"CHECK_FOR_VIRUSES"_script > language="JavaScript" > src="http://domainpending.com/js_source/geov2.js"></"CHECK_FOR_VIRUSES"_script><"CHECK_FOR_VIRUSES"_script > language="javascript">geovisit();</"CHECK_FOR_VIRUSES"_script><noscript><img > src="http://visit.webhosting.yahoo.com/visit.gif?us1040932987" border=0 > width=1 height=1></noscript> <IMG > SRC="http://geo.yahoo.com/serv?s=76001085&t=1040932987" ALT=1 WIDTH=1 > HEIGHT=1> > > > ---------------------------------------------------------------------------- > This list is provided by the SecurityFocus ARIS analyzer service. > For more information on this free incident handling, management > and tracking system please see: http://aris.securityfocus.com > > ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Tue Jan 07 2003 - 15:51:02 PST
