Hi folks,
Poor old Texas. Not only did Hurricane Ike hit them really hard, but it seems that at least some of the pages on the Texas National Guard website are hacked. If you visit the wrong page, it reaches out to a website, probably in Russia (can't confirm it, because the ISP for the host is not answering whois queries), and installs a rootkit if you're not patched. Now, here are a few screenshots, just for interest's sake, but _DON'T GO_ to any of these sites unless you know what you're doing!
Here's what the initial screen looks like (more or less) when you visit it with a normal web browser ...
Looks pretty normal, but if you have some good debug tools, you find it's actually reaching out to somewhere strange ... add-block-plus.net, which in turn reaches to a couple of other places (you should be able to click the image to see it full-size)...
and if you're not patched, when you close your browser, you find that your desktop has changed, and now looks like this ...
Gosh! Spyware!? Who'd have thought it?!?!? Of course, anybody who watches this stuff a bit knows that this machine is now hopelessly nailed, and code has been installed in the background, and their pitch is that they'll remove it for a mere $49.95, and insert your credit card number here, please.
And, of course, now that they've got your machine, they're not going to let it go until they've got what they want, because they've installed a rootkit...
It just seems a bit ironic that when Texas has been hammered so hard by the hurricane, the guys that are probably helping out the most have been hacked. The poor Texas National Guard needs to find how the Bad Guys got in, and then plug that hole.
It's a dangerous world out there folks... keep safe!
Cheers
Roger










