Starting sometime around November 6th, many attacks were observed coming from strangely named domains such as us.bf9.info, us.bp0.info, us.bn3.info, etc. The attackers employed some code splitting techniques to make their scripts more stealthy by moving suspicious shellcode from inside the primary exploit script to a secondary script. The attacks were being delivered through advertisements which [...]
|
|||||
|
A couple of days ago I was investigating an attack that a reader submitted to me that was related to the recent nine ball attacks as reported by WebSense. (Part 1 | Part 2) As a follow up to my previous post, here is the next video depicting the second portion of the attack. For URLs, Virustotal results, etc refer back to Part 1. All analysis is conducted with Malzilla. To give you some additional insight into the attack, I am also able to share the contents of a hacked [...] A reader was gracious enough to share some information with me on the events surrounding the compromise of a website of his. The site was compromised via stolen FTP credentials which has been a technique employed by major Internet threats such as Gumblar and Nine-ball recently. This will be a two part post. While this is not totally new, I only recently came across my first event involving a one click host servingĀ malware. What is one click hosting? These are providers which you have probably heard of before such as RapidShare, Megaupload, yousendit and many many more. Wikipedia has a listing of many of them. These providers [...] My RSS reader alerted me today to another wave of mass website compromises from Web Sense. Hungry for more information I decided to dig in to reveal the details that, as always, have been left out. |
|||||
|
Copyright © 2010 Andrew Martin - All Rights Reserved |
|||||