Jart and Scott from HostExploit (http://hostexploit.com/) have put together another paper on bad hosting providers, this time giving an overview of 50 that host a great deal of malicious code. The ranking is based on a mathematical calculation, which is included in the report. To be absolutely clear, these providers are not knowingly acting as [...]
|
|||||
|
Starting sometime around November 6th, many attacks were observed coming from strangely named domains such as us.bf9.info, us.bp0.info, us.bn3.info, etc. The attackers employed some code splitting techniques to make their scripts more stealthy by moving suspicious shellcode from inside the primary exploit script to a secondary script. The attacks were being delivered through advertisements which [...] I’m a few days late for posting this but the HostExploit team has produced another report, this time on an attack dubbed “MalFI” for malicious file inclusion. This encompasses remote file inclusion (RFI), local file inclusion (LFI) and Cross Server Attack (XSA). The report had been in the works for quite some time and while [...] With all the talk about Chinese malware authors and groups of attackers supposedly sponsored by governments out there, I thought I would publish a find of mine from back in 2007. Excellent research has been done on this topic with one of the most interesting events being the discovery of GhostNet. MessageLabs wrote a nice report summarizing key events from August and it turns out our work was more widely felt than believed. Apparently part of Cutwail’s C&C infrastructure resided inside Real Host’s network. When they got cut off, SPAM levels dropped but only briefly since there were more C&Cs elsewhere to pick up the [...] Now that the report has hit mainstream media outlets, I am pleased to report that Real Host has been taken down. Score another one for the good guys! |
|||||
|
Copyright © 2010 Andrew Martin - All Rights Reserved |
|||||