[thelist] Hacked by kerem125

Mark Groen evolt at markgroen.com
Fri Feb 2 08:50:17 CST 2007

On Friday 02 February 2007 06:36, Chris Dempsey wrote:
> Hey all,
> We got a call today about a website which belongs to a company that one of
> our guys is a Director of.  The site is handled entirely by another company
> but as our guy is on holiday and can't help I took a quick look at it.
> Domain in question is www.inandaboutayrshire.com and it now redirects to
> http://killit.us/kerem.htm
> A Google search for kerem125 reveals several sites that have been spidered
> as having been hacked by the same group but have now been restored to the
> correct site.

He's not as busy as someone like cwings, but working at it. Even higher 
profile sites like the Nokia Canada site (day before yeterday(?), it gut Dugg 
and essentially that turned it into something like a drive-by DDOS) are 
vulnerable through the code that the public interfaces with the back end 
through. Forms, search queries, customer log-ins, basically anywhere that 
there is a ? in the URL is going to be checked out by hackers sooner or 

Here's where one of the "clubs" reside, and your person's current record:

If you go to any of the types of web sites as linked above, with IE, please 
have activeX "off" or the "prompt" setting and if you're prompted for 
ActiveX, say no, you've been warned.


More information about the thelist mailing list