RFI Attacks

Real Host, Latvia – RBN Resurgence or Clone

A couple of days ago I was investigating an attack that a reader submitted to me that was related to the recent nine ball attacks as reported by WebSense. (Part 1 | Part 2) The attackers use the same techniques to exploit victims but this time have moved to new domains and updated their payloads. [...]

Major Report Coming via HostExploit team

It’s been a while since I posted unfortunately, but it’s not due to a lack of attacks to talk about! Some time ago I was approached by the Host Exploit open source security research group and they asked me if I would help contribute to their efforts. This is the group that put together research that [...]

Finding the Unknown – Detecting Emailed Malware Waves

In a previous post I discussed using the technique of watching for the transfer of executable files around the network as a method of intrusion detection. This is a great way of discovering machines that were attacked where IDS failed to detect the exploit(s) due to obfuscation. Another method I’d like to highlight is looking [...]

Nine-Ball = Gumblar Redux? – 40,000 websites compromised

My RSS reader alerted me today to another wave of mass website compromises from Web Sense. Hungry for more information I decided to dig in to reveal the details that, as always, have been left out. Summary This attack appears to be brought to us courtesy of the attackers behind Gumblar. The malware involved and [...]

This blog is now a honeypot!

As I was perusing my logs today on a lazy Sunday afternoon I found I was being attacked by more RFI bots than usual. To my surprise I realized it is because of my previous post on controlling RFI bots. In my last post I included a dork that is frequently scanned for, and in [...]

Controlling an RFI bot – RFI pt3

Let’s delve a little deeper into the Osirys IRC bot which I initially discussed in part 1. First I will illustrate how the attacker finds and exploits web servers, then I will discuss how ISPs can get involved and remove these bots from their networks. First the attacker issues a command to the bot to [...]