Jart and Scott from HostExploit (http://hostexploit.com/) have put together another paper on bad hosting providers, this time giving an overview of 50 that host a great deal of malicious code. The ranking is based on a mathematical calculation, which is included in the report. To be absolutely clear, these providers are not knowingly acting as [...]
|
|||||
|
Starting sometime around November 6th, many attacks were observed coming from strangely named domains such as us.bf9.info, us.bp0.info, us.bn3.info, etc. The attackers employed some code splitting techniques to make their scripts more stealthy by moving suspicious shellcode from inside the primary exploit script to a secondary script. The attacks were being delivered through advertisements which [...] Now that the report has hit mainstream media outlets, I am pleased to report that Real Host has been taken down. Score another one for the good guys! A couple of days ago I was investigating an attack that a reader submitted to me that was related to the recent nine ball attacks as reported by WebSense. (Part 1 | Part 2) As a follow up to my previous post, here is the next video depicting the second portion of the attack. For URLs, Virustotal results, etc refer back to Part 1. All analysis is conducted with Malzilla. To give you some additional insight into the attack, I am also able to share the contents of a hacked [...] A reader was gracious enough to share some information with me on the events surrounding the compromise of a website of his. The site was compromised via stolen FTP credentials which has been a technique employed by major Internet threats such as Gumblar and Nine-ball recently. This will be a two part post. |
|||||
|
Copyright © 2010 Andrew Martin - All Rights Reserved |
|||||