Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.




Tel69
260 posts

Ultimate Geek

Trusted
Lifetime subscriber

# 44003 23-Oct-2009 18:42
Send private message

Hi all,

I have an interesting one. I got a malware link via a spam e-mail.
It was VERY amateur it say the least. (In the form in ftp://user:pass@11.1.1.1/randomnumber.htm

So I used my FTP client to get the file and sure enough on total antivirus a 20% hit rate for a malware downloader.
Looking at the html it's encrypted. (Haven't figured how yet)
Soooo, I downloaded the whole site.
Then I renamed the randomnumber.htm to r.htm on the site so no-one could get to the malware link.
On investigating the sites other pages, loads of encrypted pages, loaded of porn banners.

I'm wondering if I should just delete the whole site via FTP.
This is not an ethical debate on wether or not I'm perceived as hacking following a link sent to me by malware (Which just happened to contain the username and password DUH!), but more an ethical debate on if I should kill the whole site to stop the idiots who would click on links like that for the site.

Cheers,
Tel
EDIT : fixed some typos and clarified.

Create new topic


Tel69
260 posts

Ultimate Geek

Trusted
Lifetime subscriber

  # 266438 23-Oct-2009 18:55
Send private message

Oh, the site is in turkey, so they are not up yet, BUT each time I connect when I disconnect I change my IP.
You gotta be safe especially downloading a malware installers complete site. :)

1786 posts

Uber Geek

Trusted

  # 266447 23-Oct-2009 19:25
Send private message

Dodgy, have a read at this and this.

 
 
 
 




Tel69
260 posts

Ultimate Geek

Trusted
Lifetime subscriber

  # 266458 23-Oct-2009 20:05
Send private message

Interesting.
The ftp server running this is FileZilla Server, but strangely enough their site has been majorly done over with heaps of malware http code and porn site banners and a "mass_send.php" in a whole load of directories.

I'd say your right, it was a legit site but has been compromised, probably by your first link.
The IP address itself seems to be a user of "Radore Telekomunikasyon" in Turkey.

Your thoughts on should I go to the effort to force the admin of this FTP server to look at their security?
(Read delete everything off the site as it's almost all malware and porn links now)

1786 posts

Uber Geek

Trusted

  # 266463 23-Oct-2009 20:39
Send private message

hmm i guess if you're kind enough to spend time, sure why not let them know. from the articles i read, I think not saving ftp password on your local machine is a good start lol.



Tel69
260 posts

Ultimate Geek

Trusted
Lifetime subscriber

  # 266475 23-Oct-2009 21:28
Send private message

Yes it definately is Andy, lol.
I think this should serve as a warning for the person who runs the ftp site. (saved as warning.txt on the FTP site)

"Your security is comprimised.
Change ALL your FTP, online (Internet banking and the such passwords) and your local user passwords on the machine.
Then use SFTP as opposed to open FTP from now on."

Hopefully that should give them an idea they have been compromised.

Create new topic



Twitter and LinkedIn »



Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Vodafone New Zealand starts two year partnership with LetsPlay.Live
Posted 28-Jan-2020 11:24


Ring launches indoor-only security camera
Posted 23-Jan-2020 17:26


New report findings will help schools implement the digital technologies curriculum content
Posted 23-Jan-2020 17:25


N4L to upgrade & support wireless internet inside schools
Posted 23-Jan-2020 17:22


Netflix releases 21 Studio Ghibli works
Posted 22-Jan-2020 11:42


Vodafone integrates eSIM into device and wearable roadmap
Posted 17-Jan-2020 09:45


Do you need this camera app? Group investigates privacy implications
Posted 16-Jan-2020 03:30


JBL launches headphones range designed for gaming
Posted 13-Jan-2020 09:59


Withings introduces ScanWatch wearable combining ECG and sleep apnea detection
Posted 9-Jan-2020 18:34


NZ Police releases public app
Posted 8-Jan-2020 11:43


Suunto 7 combine sports and smart features on new smartwatch generation
Posted 7-Jan-2020 16:06


Intel brings innovation with technology spanning the cloud, network, edge and PC
Posted 7-Jan-2020 15:54


AMD announces high performance desktop and ultrathin laptop processors
Posted 7-Jan-2020 15:42


AMD unveils four new desktop and mobile GPUs including AMD Radeon RX 5600
Posted 7-Jan-2020 15:32


Consolidation in video streaming market with Spark selling Lightbox to Sky
Posted 19-Dec-2019 09:09



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.