Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.




Tel69
256 posts

Ultimate Geek

Trusted
Lifetime subscriber

# 44003 23-Oct-2009 18:42
Send private message

Hi all,

I have an interesting one. I got a malware link via a spam e-mail.
It was VERY amateur it say the least. (In the form in ftp://user:pass@11.1.1.1/randomnumber.htm

So I used my FTP client to get the file and sure enough on total antivirus a 20% hit rate for a malware downloader.
Looking at the html it's encrypted. (Haven't figured how yet)
Soooo, I downloaded the whole site.
Then I renamed the randomnumber.htm to r.htm on the site so no-one could get to the malware link.
On investigating the sites other pages, loads of encrypted pages, loaded of porn banners.

I'm wondering if I should just delete the whole site via FTP.
This is not an ethical debate on wether or not I'm perceived as hacking following a link sent to me by malware (Which just happened to contain the username and password DUH!), but more an ethical debate on if I should kill the whole site to stop the idiots who would click on links like that for the site.

Cheers,
Tel
EDIT : fixed some typos and clarified.

Create new topic


Tel69
256 posts

Ultimate Geek

Trusted
Lifetime subscriber

  # 266438 23-Oct-2009 18:55
Send private message

Oh, the site is in turkey, so they are not up yet, BUT each time I connect when I disconnect I change my IP.
You gotta be safe especially downloading a malware installers complete site. :)

1786 posts

Uber Geek

Trusted

  # 266447 23-Oct-2009 19:25
Send private message

Dodgy, have a read at this and this.

 
 
 
 




Tel69
256 posts

Ultimate Geek

Trusted
Lifetime subscriber

  # 266458 23-Oct-2009 20:05
Send private message

Interesting.
The ftp server running this is FileZilla Server, but strangely enough their site has been majorly done over with heaps of malware http code and porn site banners and a "mass_send.php" in a whole load of directories.

I'd say your right, it was a legit site but has been compromised, probably by your first link.
The IP address itself seems to be a user of "Radore Telekomunikasyon" in Turkey.

Your thoughts on should I go to the effort to force the admin of this FTP server to look at their security?
(Read delete everything off the site as it's almost all malware and porn links now)

1786 posts

Uber Geek

Trusted

  # 266463 23-Oct-2009 20:39
Send private message

hmm i guess if you're kind enough to spend time, sure why not let them know. from the articles i read, I think not saving ftp password on your local machine is a good start lol.



Tel69
256 posts

Ultimate Geek

Trusted
Lifetime subscriber

  # 266475 23-Oct-2009 21:28
Send private message

Yes it definately is Andy, lol.
I think this should serve as a warning for the person who runs the ftp site. (saved as warning.txt on the FTP site)

"Your security is comprimised.
Change ALL your FTP, online (Internet banking and the such passwords) and your local user passwords on the machine.
Then use SFTP as opposed to open FTP from now on."

Hopefully that should give them an idea they have been compromised.

Create new topic



Twitter and LinkedIn »



Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Facebook Portal to land in New Zealand
Posted 19-Sep-2019 18:35


Amazon Studios announces New Zealand as location for its upcoming series based on The Lord of the Rings
Posted 18-Sep-2019 17:24


The Warehouse chooses Elasticsearch service
Posted 18-Sep-2019 13:55


Voyager upgrades core network to 100Gbit
Posted 18-Sep-2019 13:52


Streaming service Acorn TV launches in New Zealand with selection with British shows
Posted 18-Sep-2019 08:55


Bitcoin.com announces partnership with smartphone manufacturer HTC
Posted 16-Sep-2019 21:30


Finalists Announced for Microsoft NZ Partner Awards
Posted 16-Sep-2019 19:37


OPPO Showcases New CameraX Capabilities at Google Developer Days China 2019
Posted 15-Sep-2019 12:42


New Zealand PC Market returns to growth
Posted 15-Sep-2019 12:24


Home sensor charity director speaks about the preventable death which drives her to push for healthy homes
Posted 11-Sep-2019 08:46


Te ao Maori Minecraft world set to inspire Kiwi students
Posted 11-Sep-2019 08:43


Research reveals The Power of Games in New Zealand
Posted 11-Sep-2019 08:40


Ring Door View Cam now available in New Zealand
Posted 11-Sep-2019 08:38


Vodafone NZ to create X Squad
Posted 10-Sep-2019 10:25


Huawei nova 5T to be available 20th September
Posted 5-Sep-2019 11:55



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.