Happened to em, while i was checking come NT servers, that lots fo them, affected by teh Unicode and decode traversal bug, had benn hacked, i think by a worm, because it was the same in all of them. The message that appeared in the hacked site is down here, and what was very weirdow was that Norton Antivirus 2000 detected that html file as a virus. Norton detects hacked web pages? The message in teh hacked sites said: fuck USA Government fuck PoizonBOx contact:sysadmcnat_private And the Html source: <html> <body bgcolor=black> <br><br><br><br><br><br> <table width=100%><td> <p align="center"> <font size=7 color=red>fuck USA Government</font> <tr><td><p align="center"> <font size=7 color=red>fuck PoizonBOx<tr><td> <p align="center"> <font size=4 color=red>contact:sysadmcnat_private</html> Bye guys KerozenE 1999-2001 c0oL! ICQ: 78480975 ********************************* Webmaster de www.hackemate.com.ar hackemateat_private ********************************* Moderador de HACKEMATE ML http://www.eListas.net/lista/hackemate/alta hackemate-altaat_private ********************************* Editor Del EZine HC&KTM Mensual:HPVCC y todo el Under de la Net http://www.hackemate.com.ar hackemate-altaat_private ********************************* IRC.elsitio.com port:6667 #hackemate ********************************* Friday, August 03, 2001, 6:38:41 PM, you wrote: MH> Good afternoon, MH> While surfing last evening I found several sites that had appeared MH> to be hacked. Their SSL certs were invalid and the site read "prepare to be MH> owned." Did anyone else experience this? Is this a new worm or script MH> junkie? Thanks again. MH> Michael Hendricks
This archive was generated by hypermail 2b30 : Fri Aug 03 2001 - 20:53:58 PDT