[BlueOnyx:03358] Re: Gumblar
Colin Jack
colin at mainline.co.uk
Sun Jan 17 06:28:08 -05 2010
As I understand it... Infected users computers are mined for FTP
passwords, then the virus phones home with the info, then another
computer does the site hacking with the FTP credentials...
Jeff
On Jan 16, 2010, at 6:58 AM, Alan Kline wrote:
Yes - our logs showed multiple logins for the infected sites. It looks like there is a large 'team' of hackers responding to the info being fed back. We had about 30 logins in a very short space of time by 'modifiers' on each site ..
CJ
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.blueonyx.it/pipermail/blueonyx/attachments/20100117/a11ece28/attachment.html>
More information about the Blueonyx
mailing list