List:       isn
Subject:    [ISN] Fluffi Bunni Places Ads At Security Site
From:       InfoSec News <isn () c4i ! org>
Date:       2001-11-30 12:17:24

http://www.newsbytes.com/news/01/172554.html

By Brian McWilliams, Newsbytes
ALEXANDRIA, VIRGINIA, U.S.A.,
29 Nov 2001, 4:29 PM CST
 
Banner ads promoting a notorious group of computer attackers known as
Fluffi Bunni today appeared at SecurityFocus.com, after the hackers
compromised a server operated by the leading security firm's
advertising partner.

The ad banner depicted the hacking group's mascot, a pink stuffed toy
rabbit, and the words "You think you know? You have no idea," and was
signed "Security Fluffi."

According to SecurityFocus Vice President of Engineering Alfred Huger,
the attackers breached the ad serving system operated by Thruport
Technologies at around 7 a.m. E.S.T. The bogus ads appeared on various
pages of the SecurityFocus site for a period of several hours before
the security firm modified the code in its Web pages and began serving
its own ads, Huger said.

Thruport officials did not respond to interview requests. According to
the company's Web site, Thruport offers software applications to
commercial portal owners, corporate Websites and Internet service
providers. Among the firm's products is an ad serving technology
called AdJuggler.

A directory at Thruport's site containing ad banners displayed at the
SecurityFocus site was still browsable this afternoon. Among the
banners were several copies of the one created by Fluffi Bunni,
according to Jay Dyson, an independent security consultant, who
categorized the breach as a "subversion of information" attack.

"This definitely ranks as one of the more elegant attacks I've seen in
a while. This wasn't the product of an impulsive act. It was carried
out with patience, perseverance, and a healthy dose of panache," said
Dyson.

According to Huger, Fluffi Bunni apparently exploited a recently
publicized vulnerability in OpenSSH, an authentication technology, to
take control of the Thruport server. At no time did the attackers
directly penetrate the security of the SecurityFocus site, he said.

"I'm thrilled that they didn't actually break into our site. We get a
lot of people knocking around our network all the time and I guess
they found a weak link with the banners. It's mostly just an
inconvenience," said Huger.

In addition to providing information security consulting services,
SecurityFocus publishes numerous information resources, including the
popular Bugtraq mailing list.

SecurityFocus is the latest of several high-profile security-related
organizations recently targeted by Fluffi Bunni. Last July, the
attackers defaced a site operated by the SANS Institute, a security
training and information organization, as well as the home page of
Attrition.org, a security information site.

A mirror of the Fluffi Bunni ad is at
http://defaced.alldas.de/mirror/2001/11/29/www.securityfocus.com .

SecurityFocus is online at http://www.securityfocus.com .



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo@attrition.org with 'unsubscribe isn' in the BODY
of the mail.
