Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


ForumsOff topicTo delete a spam/malware site or not?
Tel69

Tel69
261 posts

Ultimate Geek
+1 received by user: 4

Trusted
Lifetime subscriber

#44003 23-Oct-2009 18:42
Send private message

Hi all,

I have an interesting one. I got a malware link via a spam e-mail.
It was VERY amateur it say the least. (In the form in ftp://user:pass@11.1.1.1/randomnumber.htm

So I used my FTP client to get the file and sure enough on total antivirus a 20% hit rate for a malware downloader.
Looking at the html it's encrypted. (Haven't figured how yet)
Soooo, I downloaded the whole site.
Then I renamed the randomnumber.htm to r.htm on the site so no-one could get to the malware link.
On investigating the sites other pages, loads of encrypted pages, loaded of porn banners.

I'm wondering if I should just delete the whole site via FTP.
This is not an ethical debate on wether or not I'm perceived as hacking following a link sent to me by malware (Which just happened to contain the username and password DUH!), but more an ethical debate on if I should kill the whole site to stop the idiots who would click on links like that for the site.

Cheers,
Tel
EDIT : fixed some typos and clarified.

Create new topic
Tel69

Tel69
261 posts

Ultimate Geek
+1 received by user: 4

Trusted
Lifetime subscriber

  #266438 23-Oct-2009 18:55
Send private message

Oh, the site is in turkey, so they are not up yet, BUT each time I connect when I disconnect I change my IP.
You gotta be safe especially downloading a malware installers complete site. :)



zocster
1994 posts

Uber Geek
+1 received by user: 105

ID Verified
Trusted
Lifetime subscriber

  #266447 23-Oct-2009 19:25
Send private message

Dodgy, have a read at this and this.

Tel69

Tel69
261 posts

Ultimate Geek
+1 received by user: 4

Trusted
Lifetime subscriber

  #266458 23-Oct-2009 20:05
Send private message

Interesting.
The ftp server running this is FileZilla Server, but strangely enough their site has been majorly done over with heaps of malware http code and porn site banners and a "mass_send.php" in a whole load of directories.

I'd say your right, it was a legit site but has been compromised, probably by your first link.
The IP address itself seems to be a user of "Radore Telekomunikasyon" in Turkey.

Your thoughts on should I go to the effort to force the admin of this FTP server to look at their security?
(Read delete everything off the site as it's almost all malware and porn links now)



zocster
1994 posts

Uber Geek
+1 received by user: 105

ID Verified
Trusted
Lifetime subscriber

  #266463 23-Oct-2009 20:39
Send private message

hmm i guess if you're kind enough to spend time, sure why not let them know. from the articles i read, I think not saving ftp password on your local machine is a good start lol.

Tel69

Tel69
261 posts

Ultimate Geek
+1 received by user: 4

Trusted
Lifetime subscriber

  #266475 23-Oct-2009 21:28
Send private message

Yes it definately is Andy, lol.
I think this should serve as a warning for the person who runs the ftp site. (saved as warning.txt on the FTP site)

"Your security is comprimised.
Change ALL your FTP, online (Internet banking and the such passwords) and your local user passwords on the machine.
Then use SFTP as opposed to open FTP from now on."

Hopefully that should give them an idea they have been compromised.

Create new topic








Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.








RSS feeds
Main feed
Forums feed
Copyright
©2002-2026 Geekzone®
Site features
Geekzone BI dashboard
Geekzone Badges
Geekzone Status Page

 

Site Information
Subscribe to Geekzone
Privacy Statement
Forum Usage Guidelines (FUG)
Advertising
Trademark and copyright