Virge 2.05

Virge 2.05. A mail scanner, to be used with Sendmail. [freshmeat.net]

Ssh Provides Free Internet Security To University Of Oregon

Ssh Provides Free Internet Security To University Of Oregon.

I’m not sure why this is news; it appears no different from the site license SSH has been offering to any University, including UR.

[via Moreover Computer security news]

Avi Rubin: Kerberos Versus the Leighton-Micali Protocol

Avi Rubin:
Kerberos Versus the Leighton-Micali Protocol
(Dr. Dobb’s Journal November 2000)

Jakob Nielsen: “To design an easy-to-use interface, pay attention to what users do, not what they say.”

Jakob Nielsen: “To design an easy-to-use interface, pay attention to what users do, not what they say.” [Scripting News]

insidious adware

A particularly insidious kind of spam. It looks like a friend sent a greeting card. Click on the link and you go to a page where it says you need to upgrade in order to get the card. They walk you through the install process. Don’t do it — this puts code on your machine, certainly adware, maybe spyware, maybe worse. Now for experienced programmers this is pretty transparent, but what about less technical users? Oy what a mess. What does the future hold? [Scripting News]

Hacking IIS — how sweet it is

The Register, Aug 11 2001 12:11PM ET:
Hacking IIS — how sweet it is.

We’ve looked over a few recent credit-card database compromises brought to our attention by CardCops (formerly AdCops), an organization which tries to get the straight dope on e-commerce hacks directly from the blackhat community to better inform merchants of threats to their systems.

The most recent victims CardCops has seen are on-line perfumery StrawberryNet.com; computer retailer mWave.com; and a very large Texas ISP called Stic.net, which gave up many thousands of credit card details, along with the records of 500 businesses and their FTP logins. All of the victims are running IIS 4 or 5 over Win-NT or 2K.

Not surprisingly, Microsoft IIS is quite popular among carders, because it’s got lots and lots of holes, and because it’s often used by people who lack the technical know-how to bung them. It’s easy to use, which makes it particularly attractive for those who want to break into e-commerce on a shoestring, and particularly attractive as well for those who just want to break in.

[via Computer security news]

XMLRPC-J

XMLRPC-J is a “Java-based implementation of the XML-RPC protocol.” [Scripting News]

Code Red II Cleaner 1.0

Third Version Of Code Red Detected

Code Red v3 (aka Code Red II) Fix 1.3