[LINK] It would appear that Hacking is now going Corporate....

Tom Koltai tomk at unwired.com.au
Sat May 8 06:33:18 AEST 2010

Some linkers would be aware that over the last month I have been
blogging about a number of issues relating to misleading reports
emanating from paid European and American Economists. The reports have
been interesting reading to say the least.
Yesterday morning I posted an article that suggested that MS Dos and
Windows were the most pirated software in the world. However I also did
the numbers of actual global computer shipments minus total windows and
Dos licences and wound up about 2.4 billion short. So then I asked the
question, how is it that the most pirated software in the world has as its
owner/author/publisher the largest corporation in the world and surely
the act of piracy was what drove the pc industry in the early "getting
up to speed days".

Well someone didn't like my article. By lunchtime yesterday I was being
seriously ping-flooded with latency exceeding 5 minutes to load a page
of text.

I then started looking through my log files, as you do when a-hunting
ping flooders and I discovered some seriously interesting facts,
resulting in me examining the PHP headers on my site and then taking the
site down.

I have a temp page up that tells the story at http://kovtr.com and an
interesting story it is too..... Here is an excerpt summary.....

At 1:12 am on the 7th of May, an employee of Envisional or a contractor
sanctioned by the owner of IP number [] that in-addr-arpa
resolves as dedi158-145.envisional.net did cause a script to be executed
on KOVTR.com that altered approximately 224 PHP files in the Wordpress
area of KOVTR and caused them to be infected with a downloadable virus

The insertion code in the PHP files starts <?php /**/
eval(base64_decode("aWYoZnVuY3R. and is executed by the browser on the
client side to binary decode the virus to install in the registry of the
reader of the content causing the above popup "fake MALWARE" warning.
The Registry entry looks like this and should be removed using Run,
regedit with the reference in the picture below being the appropriate
location in the registry that requires removal. The file has no name -
yet, and will only execute on reboot or power cycling

Whilst there is the tiniest possibility that they were not the ones that
placed the file on KOVTR, our system log files confirm that theirs was
the only IP number that spanned the period of the PHP script execution
and the time stamps on the altered PHP files.

Their action can only be understood by comparing it to a zealot religious
Proctor, circa 1650 in Olde England that would enter your home looking
for books that were on the list prohibitum of Holy Mother Church and
burning them. However, we would add that the Priests had a carte blanche
by the populace who accepted that the book burnings of salacious
materials were for their own good.

We sincerely doubt that any such comparable arrangement/defacto
agreement now exists between the world's Internet users and Envisional
Ltd and their employer/clients, namely Warners, Sony, IFPI, Microsoft
MPAA Vivendi/NBC Paramount and Fox.

Additionally, the Priests didn't leave behind nice little virus Easter
eggs that would cause the users of the Internet that chanced upon KOVTR
to become infected with Malware that was extremely difficult to get rid

Our opinion is that this activity borders on criminal malfeasance and is
certainly in contravention of Australian Federal laws on illegal entry
into a computer system and alteration of data thereon. Older readers
would remember the Ausnet Services Hacking incident where the
perpetrator received a three year jail term for a similar break and


So I just have one question linkers... What is it about me that makes
people want to hack my computers????
OK, that was rhetorical. 
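
A defender-side check for the injection pattern quoted in the message, as an added example that is not part of the original post: it walks a directory tree, flags .php files carrying the `<?php /**/ eval(base64_decode("` prefix, and lists them oldest-modified first so the timestamps can be compared against server logs. The function names and the sample payload are constructed for illustration.

```python
import base64
import os
import re
import tempfile

# Shape of the injected prefix quoted in the post: <?php /**/ eval(base64_decode("...
INJECTION = re.compile(
    rb'<\?php\s*/\*\*/\s*eval\s*\(\s*base64_decode\s*\(\s*["\']([A-Za-z0-9+/=]+)["\']'
)

def inspect_file(path):
    """Return (mtime, decoded_preview) if the file carries the injection, else None."""
    with open(path, "rb") as fh:
        match = INJECTION.search(fh.read())
    if not match:
        return None
    blob = match.group(1)
    blob += b"=" * (-len(blob) % 4)  # tolerate stripped padding
    try:
        # Decoded for triage only; the payload is never executed.
        preview = base64.b64decode(blob)[:60].decode("latin-1")
    except ValueError:
        preview = "<undecodable>"
    return os.path.getmtime(path), preview

def scan_tree(root):
    """Walk root and list injected .php files, oldest modification first."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.endswith(".php"):
                path = os.path.join(dirpath, name)
                result = inspect_file(path)
                if result:
                    hits.append((result[0], path, result[1]))
    return sorted(hits)

def demo():
    """Build a constructed two-file tree (one injected, one clean) and scan it."""
    payload = base64.b64encode(b"echo 'constructed sample';").decode()
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "index.php"), "w") as fh:
            fh.write('<?php /**/ eval(base64_decode("%s"));?><?php\necho 1;\n' % payload)
        with open(os.path.join(root, "clean.php"), "w") as fh:
            fh.write("<?php\necho 2;\n")
        return [(os.path.basename(p), prev) for _t, p, prev in scan_tree(root)]

if __name__ == "__main__":
    print(demo())
```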

