Sunday, May 14, 2006

CWS... wide open?

It was bound to happen, I guess. While doing the usual research for in-the-wild malware samples to send to antivirus/antitrojan vendors (ok, shut up, some hobbies are even dumber than this) I stumbled upon the classic site that the stupid admin left "wide open". The difference is, this was actually a CoolWebSearch hijacker remote admin site. Take a look at this:

This happens to be a remote console for the "hijacked" PCs, with IP, clicks, remote shutdown, etc. The page goes WAY down; in a few minutes I've seen this remote console reporting 600-something hijacked PCs online at the same time. Hum. Oh, yeah, the guys are so nice leaving everything wide open for us all to see. Thanks for your stupidity guys, now I've got:

- the hijacker malware sample that's gonna be sent to ALL the Antivirus companies in the World (apart from your own "rogue" trash, of course)

- a list of your sites that I didn't know of and that are gonna be added to my blocklist

I forwarded this to people who might be interested, too.


