Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
If you have some interesting news or want to throw up a link to discuss it, here's the place. Anything is okay, even shameless vendor launches (since that is often applicable to what we work on). 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
Vulnerabilities in Websites of 6 Antivirus Vendors enable Phishing Attacks
Posted by: Fugitif
Date: May 10, 2009 03:30PM

Symantec vs Kaspersky vs Eset-(Nod32) vs AVG vs F-secure vs Trendmicro

screen and proof of concept :)

http://nemesis.te-home.net/News/20090510_Vulnerabilities_in_Websites_of_6_Antivirus_Vendors.html



Edited 1 time(s). Last edit at 05/10/2009 03:30PM by Fugitif.

Options: ReplyQuote
Re: Vulnerabilities in Websites of 6 Antivirus Vendors enable Phishing Attacks
Posted by: wireghoul
Date: May 10, 2009 07:56PM

@Fugitif

Fyi, te-home.net looks like it got snapped up by a domainer and is currently parked...

[www.justanotherhacker.com]

Options: ReplyQuote
Re: Vulnerabilities in Websites of 6 Antivirus Vendors enable Phishing Attacks
Posted by: Vektor
Date: May 11, 2009 05:27AM

This is interesting... Since te-home.net was registered, nemesis was always pointing to one of my IP's, in one of Romtelecom's IP ranges (I host it). After reading your message I checked te-home.net domain and no settings were altered. So it probably is a name server problem.
I resolved it using 5 different name servers, these are my results:
> server dns1.inetia.pl
Default Server:  dns1.inetia.pl
Address:  213.241.79.37

> nemesis.te-home.net
Server:  dns1.inetia.pl
Address:  213.241.79.37

Non-authoritative answer:
Name:    nemesis.serveirc.com
Address:  89.123.178.203
Aliases:  nemesis.te-home.net

> server ns1.rdsor.ro
Default Server:  ns1.rdsor.ro
Address:  193.231.238.1

> nemesis.te-home.net
Server:  ns1.rdsor.ro
Address:  193.231.238.1

Non-authoritative answer:
Name:    nemesis.serveirc.com
Address:  89.123.178.203
Aliases:  nemesis.te-home.net

> server resolver1.opendns.com
Default Server:  resolver1.opendns.com
Address:  208.67.222.222

> nemesis.te-home.net
Server:  resolver1.opendns.com
Address:  208.67.222.222

Non-authoritative answer:
Name:    nemesis.serveirc.com
Address:  89.123.178.203
Aliases:  nemesis.te-home.net

> server jabber.errormessages.de
Default Server:  jabber.errormessages.de
Address:  89.238.64.148

> nemesis.te-home.net
Server:  jabber.errormessages.de
Address:  89.238.64.148

Non-authoritative answer:
Name:    nemesis.serveirc.com
Address:  89.123.178.203
Aliases:  nemesis.te-home.net

> server server.dwfhosting.nl
Default Server:  server.dwfhosting.nl
Address:  82.94.252.227

> nemesis.te-home.net
Server:  server.dwfhosting.nl
Address:  82.94.252.227

Non-authoritative answer:
Name:    nemesis.serveirc.com
Address:  89.123.178.203
Aliases:  nemesis.te-home.net

>

What name server did you use to resolve it? If a name server sends junk for one of the sites I host instead of sending my IP, I need to know.

Thanks.

Options: ReplyQuote
Re: Vulnerabilities in Websites of 6 Antivirus Vendors enable Phishing Attacks
Posted by: wireghoul
Date: May 11, 2009 06:56AM

@Vektor,

Must have been an upstream issue, unable to reproduce it now. None of the cached isp lookups I performed showed any deviation either. When I tried it this morning however I got the school teacher parking page (from Sedo?)

[www.justanotherhacker.com]

Options: ReplyQuote


Sorry, only registered users may post in this forum.