worm atacking NTs vulnerables detected by NA 2K??

From: Hackemate.com.ar (hackemateat_private)
Date: Fri Aug 03 2001 - 20:17:03 PDT

  • Next message: Sould3mon: "Re: Suspicious JOe.exe"

    Happened to em, while i was checking come NT servers, that lots fo
    them, affected by teh Unicode and decode traversal bug, had benn
    hacked, i think by a worm, because it was the same in all of them.
    The message that appeared in the hacked site is down here, and what
    was very weirdow was that Norton Antivirus 2000 detected that html
    file as a virus. Norton detects hacked web pages?
    
    The message in teh hacked sites said:
    
    fuck USA Government
    
    fuck PoizonBOx
    
    contact:sysadmcnat_private
    
    And the Html source:
    
    <html>
    <body bgcolor=black>
    <br><br><br><br><br><br>
    <table width=100%><td>
    <p align="center">
    <font size=7 color=red>fuck USA Government</font>
    <tr><td><p align="center">
    <font size=7 color=red>fuck PoizonBOx<tr><td>
    <p align="center">
    <font size=4 color=red>contact:sysadmcnat_private</html>
    
    Bye guys
    
    KerozenE 1999-2001 c0oL!
    ICQ: 78480975
    *********************************
    Webmaster de www.hackemate.com.ar
    hackemateat_private
    *********************************
    Moderador de HACKEMATE ML
    http://www.eListas.net/lista/hackemate/alta
    hackemate-altaat_private
    *********************************
    Editor Del EZine HC&KTM Mensual:HPVCC y todo el Under de la Net
    http://www.hackemate.com.ar
    hackemate-altaat_private
    *********************************
    IRC.elsitio.com port:6667 #hackemate
    *********************************
    
    
    Friday, August 03, 2001, 6:38:41 PM, you wrote:
    
    MH> Good afternoon,
    MH>         While surfing last evening I found several sites that had appeared
    MH> to be hacked. Their SSL certs were invalid and the site read "prepare to be
    MH> owned." Did anyone else experience this? Is this a new worm or script
    MH> junkie? Thanks again.
    
    MH> Michael Hendricks
    



    This archive was generated by hypermail 2b30 : Fri Aug 03 2001 - 20:53:58 PDT