[lisppaste-requests] [dancy at franz.com: Malaysian Computer Emergency Response Team: Re: [MyCERT-200909301045847] CEWS: Reporting incident - RFI hosting]
Nick Levine
ndl at ravenbrook.com
Wed Sep 30 20:19:51 UTC 2009
Hi.
This one's either for you or for the bin (I'm not bothered which).
- nick
------- Start of forwarded message -------
To: alu-board-only at alu.org
cc: ndl at ravenbrook.com
Subject: Malaysian Computer Emergency Response Team: Re: [MyCERT-200909301045847] CEWS: Reporting incident - RFI hosting
Date: Wed, 30 Sep 2009 09:03:08 -0700
From: Ahmon Dancy <dancy at franz.com>
This appears to be legitimate (i.e., do not visit the paste.lisp.org
URL below in a browser).
- ------- Forwarded Message
Date: Wed, 30 Sep 2009 09:11:47 +0800
From: Malaysian Computer Emergency Response Team <mycert at mycert.org.my>
To: domainmanager at franz.com
Subject: Re: [MyCERT-200909301045847] CEWS: Reporting incident - RFI hosting
- - -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Dear Administrator,
Regarding the above matter, you received this email because you are
listed as the contact for the domain name in the whois lookup. Please
let us know if you are no longer the point of contact for this IP
address for our record.
What is Remote File Inclusion (RFI)?
- - - ------------------------------------
Remote file inclusion, commonly known as RFI, is a form of attack where
the attacker tries to inject their own code inside the web applications. If
an attacker can successfully achieve this, they will be able to execute any
code they wish on the web server.
More details at: http://www.mycert.org.my/en/resources/web_security/main/main/detail/662/index.html
MyCERT is aware that a host under your administration is hosting a malicious
script used in an RFI attack.
Domain Name = paste.lisp.org
Ip = 208.72.159.207
ASN =
Country = US
The file(s) below existed as of the last check on Wed Sep 30 04:37:26 +0800 2009
1 - http://paste.lisp.org/display/87891,1/raw
In addition, please investigate your machine for any indications of
compromise. If the machine is confirmed to have been compromised, please
disconnect it from the network and do the necessary before getting it back
online.
If you are not the right point of contact to deal with this incident then we
would appreciate it very much if you could forward this to the correct party.
Furthermore, if you are already aware of this incident then we would like to
apologize for the inconvenience.
We appreciate your prompt response and welcome your feedback. Thank you in
advance for your assistance.
**************************************************************
For correspondence regarding the above issue, please retain
the above subject header: [MyCERT-200909301045847] to ensure
effective response.
**************************************************************
Regards,
- - - -------------------------------------------------------------------------
MyCERT provides free technical advice to local organizations and
individuals pertaining to computer/system/network security and incident
response.
- - - ----------------------------------+--------------------------------------
Malaysian Computer Emergency | E-mail: mycert at mycert.org.my
Response Team | Cyber999 Hotline: 1 300 88 2999
(MyCERT) | Fax: (603) 8945 3442
CyberSecurity Malaysia | Phone: (603) 8992 6969
Level 7, Sapura at Mines | Office hour: 0830-1730 MYT (Mon-Fri)
7, Jln Tasik, The Mines | 24x7 Phone: 019-266 5850
Resort City, 43300 Seri Kembangan | SMS: 019-281 3801
Selangor. MALAYSIA | URL: http://mycert.org.my/
- - - ----------------------------------+--------------------------------------
Disclaimer
The information transmitted in electronic mail messages sent from mycert.org.my
domain is intended only for the person(s) or entity(ies) to which it is
addressed, represents the views/points of MyCERT and may contain information
extracted from various other reliable sources on security issues. MyCERT
therefore does not accept liability for any errors, or omissions in the contents
of this message, which arise as a result of e-mail transmission and consequences
due to mis-applying of the technical solutions/steps provided. If you have
received this email by mistake, please notify MyCERT at +603 8992 6969 or email
us at mycert at mycert.org.my
- - - -------------------------------------------------------------------------
- - -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFKwrBT0BAFcIK27XERAvYmAJ9mCppbPLsjoXiZs1Fuh45oyKL39wCfRUS+
kvJEh41QeJ5KiV5tV/uqWf8=
=Qu47
- - -----END PGP SIGNATURE-----
- ------- End of Forwarded Message
------- End of forwarded message -------