I’m a few days late for posting this but the HostExploit team has produced another report, this time on an attack dubbed “MalFI” for malicious file inclusion. This encompasses remote file inclusion (RFI), local file inclusion (LFI) and Cross Server Attack (XSA). The report had been in the works for quite some time and while I was not a main author this time, Jart Armin and Scott Logan worked with me to interpret and use my honeypot data that I’ve been collecting over the last several months.
Rather than rehash the purpose for the report, here’s an excerpt from the abstract:
MALfi “A Silent Threat”
What is it all about, MALfi? A blended threat currently detected on around 350,000 websites & Internet servers. One major purpose is to establish, “use once and throw away” disposable botnets for spam, phishing, DDoS and exploits.
Full Report (public version) download PDF – hostexploit Download page = http://bit.ly/eoO4C
Abstract / Press Release
MALfi is a holistic and descriptive term applied to adequately describe the recent blended attack utilized by hackers and cyber criminals to compromise websites and servers. This is a combination of RFI (remote file inclusion), LFI (local file inclusion), XSA (cross server attack), and RCE (remote code execution).
Conservative estimates over recent months indicate around 350,000 affected websites and servers worldwide. hostexploit and associated researchers have tracked 103,351 attacks, involving 2,743 unique IP addresses, with 85 countries involved in RFI scanning and 911 ASNs
Check out the report for our research and findings. A more detailed version will also be made available to key members of the security and law enforcement communities.