Spamwatch


MMFELL
04-12-2004, 11:43 AM
For all interested users, here is a new Australian site called Codefish Spam Watch. The site is here (http://spamwatch.codefish.net.au/).

Extract from the site:

Welcome to the Code Fish Spam Watch site. This site is dedicated to following and exposing spam scams including:

Spam that attempts to fool people into giving up bank details (otherwise known as phishing)
Spam that lures people to launder money for spammers
Spam that attempts to infect people with trojans
Spam that attempts to make real websites/companies look bad
Spam we just find funny

Edit. Corrected url.

Gruss
04-12-2004, 07:29 PM
Link doesn't work! George.:rolleyes:

Crockett
04-13-2004, 12:31 AM
I went to that site and got a virus when the page loaded.
NAV popped up and said it was in my Opera cache folder (temporary) and was called opr017WF.htm.
The virus was Bloodhound.Exploit.6 (http://securityresponse.symantec.com/avcenter/venc/data/bloodhound.exploit.6.html)

I emptied my folder and closed the browser and tried again and got it again.
I also tried the link in Internet Explorer and did not get a NAV pop-up. I wonder if that's only because I disabled Active Scripting in the Internet Zone and had JavaScript enabled in Opera?
{EDIT} I tried a third time in Opera with Java and JavaScript disabled and got it a third time in Opera.

I believe it used the Blended Threat method.

Blended Threat
Blended threats combine the characteristics of viruses, worms, Trojan Horses, and malicious code with server and Internet vulnerabilities to initiate, transmit, and spread an attack. By using multiple methods and techniques, blended threats can rapidly spread and cause widespread damage. Characteristics of blended threats include:

Causes harm: Launches a Denial of Service (DoS) attack at a target IP address, defaces Web servers, or plants Trojan Horse programs for later execution.
Propagates by multiple methods: Scans for vulnerabilities to compromise a system, such as embedding code in HTML files on a server, infecting visitors to a compromised Web site, or sending unauthorized email from compromised servers with a worm attachment.
Attacks from multiple points: Injects malicious code into the .exe files on a system, raises the privilege level of the guest account, creates world read and writeable network shares, makes numerous registry changes, and adds script code into HTML files.
Spreads without human intervention: Continuously scans the Internet for vulnerable servers to attack.
Exploits vulnerabilities: Takes advantage of known vulnerabilities, such as buffer overflows, HTTP input validation vulnerabilities, and known default passwords to gain unauthorized administrative access.

Crockett
04-13-2004, 12:45 AM
Here is the Alert the third time. There is absolutely no doubt that it came from going to that webpage in your link.

MMFELL
04-13-2004, 10:06 AM
Thanks for the info. I use IE without Java and will report the virus to the author and get hold of another m/c with Opera and test the site.

Crockett
04-13-2004, 11:16 AM
Thanks....let me know what you hear. It was no biggie because I just went in and deleted the file and came up clean afterwards, but just a warning to others.

MMFELL
04-18-2004, 12:06 PM
Over the weekend the site has been rebuilt, so could you give this another test and see if the virus is still there? It does not appear with IE.