
One Click Hosting Spreads Banking Trojan

While this is not totally new, I only recently came across my first event involving a one-click host serving malware. What is one-click hosting? These are providers you have probably heard of before, such as RapidShare, Megaupload, yousendit and many, many more. Wikipedia has a listing of many of them. These providers [...]
Finding the Unknown – Detecting Emailed Malware Waves

In a previous post I discussed using the technique of watching for the transfer of executable files around the network as a method of intrusion detection. This is a great way of discovering machines that were attacked where IDS failed to detect the exploit(s) due to obfuscation. Another method I’d like to highlight is looking [...]
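As an added illustration of the detection approach mentioned above (watching for executable files crossing the network rather than relying on the IDS to recognise the exploit), here is a small Python scanner that is not code from this blog: it identifies Windows PE and Linux ELF images in HTTP response bodies by their magic bytes, ignoring the declared Content-Type and URL extension, and flags the transfer whether or not the server labelled it honestly. The HTTP responses, the `example.test` host name and the header layout are constructed for the example.

```python
import struct


def is_pe(data: bytes) -> bool:
    """True if data starts with a DOS header whose e_lfanew points at a PE signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    return len(data) >= e_lfanew + 4 and data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def is_elf(data: bytes) -> bool:
    """True if data starts with the ELF magic."""
    return data[:4] == b"\x7fELF"


def split_http_response(raw: bytes):
    """Split a raw HTTP response into (status line, lower-cased header dict, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    status = lines[0].decode(errors="replace")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower().decode()] = value.strip().decode(errors="replace")
    return status, headers, body


# Content types under which a real executable download would normally be declared.
EXPECTED_EXE_TYPES = ("application/octet-stream", "application/x-msdownload",
                      "application/x-msdos-program", "application/x-executable")


def classify_response(raw: bytes):
    """Return a hit record if the body is an executable, else None.

    'disguised' is set when the magic bytes say executable but the server
    declared something else (image, text, ...), which is the usual sign of
    a drive-by payload hiding behind an innocuous Content-Type.
    """
    status, headers, body = split_http_response(raw)
    if is_pe(body):
        kind = "pe"
    elif is_elf(body):
        kind = "elf"
    else:
        return None
    ctype = headers.get("content-type", "").split(";")[0].strip().lower()
    return {
        "status": status,
        "kind": kind,
        "content_type": ctype,
        "disguised": ctype not in EXPECTED_EXE_TYPES,
    }


def scan_responses(responses):
    """Run classify_response over a list of (label, raw_response) pairs."""
    hits = []
    for label, raw in responses:
        hit = classify_response(raw)
        if hit is not None:
            hit["label"] = label
            hits.append(hit)
    return hits


# Constructed sample bodies: a minimal PE stub (MZ header, e_lfanew = 0x40, PE signature),
# an ELF header prefix, and an ordinary HTML page.
FAKE_PE = b"MZ" + b"\x00" * (0x3C - 2) + struct.pack("<I", 0x40) + b"PE\x00\x00" + b"\x00" * 16
FAKE_ELF = b"\x7fELF\x02\x01\x01" + b"\x00" * 25
HTML = b"<html><body>hello</body></html>"

CONSTRUCTED_RESPONSES = [
    # Executable served as a GIF: classic drive-by disguise.
    ("http://example.test/img/logo.gif",
     b"HTTP/1.1 200 OK\r\nContent-Type: image/gif\r\n\r\n" + FAKE_PE),
    # Honestly labelled download: still an executable transfer worth logging.
    ("http://example.test/setup.exe",
     b"HTTP/1.1 200 OK\r\nContent-Type: application/octet-stream\r\n\r\n" + FAKE_PE),
    # ELF hidden behind text/plain.
    ("http://example.test/notes.txt",
     b"HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\n\r\n" + FAKE_ELF),
    # Benign page, should not be reported.
    ("http://example.test/index.html",
     b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n" + HTML),
]

if __name__ == "__main__":
    for hit in scan_responses(CONSTRUCTED_RESPONSES):
        print(hit)
```

Pointing this at real traffic means feeding it reassembled HTTP bodies (from a proxy log, a packet capture or an IDS file-extraction hook) rather than single packets; the magic-byte check is deliberately independent of file names, since attackers pick the extension and Content-Type, not the bytes at offset zero.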
Nine-Ball = Gumblar Redux? – 40,000 websites compromised

My RSS reader alerted me today to another wave of mass website compromises, reported by Websense. Hungry for more information, I decided to dig in to reveal the details that, as always, have been left out. Summary: this attack appears to be brought to us courtesy of the attackers behind Gumblar. The malware involved and [...]
Exploits Employed by Gumblar

Gumblar compromises clients using two different exploits. The first is an Adobe Acrobat PDF exploit, CVE-2008-2992, and the second is an Adobe Flash exploit. Unfortunately I haven't been able to figure out which Flash exploit is employed, as decoding Flash is not an expertise of mine. Here is the Wepawet output of the exploit script [...]
Facebook Phish – bestspace.be

Let's take a look at a Facebook phish I received recently. I received this message from a friend: XXXXX sent you a message. Subject: Hi "Look at bestspace.be" I've included a screenshot of the site below; note that it looks like the Facebook login page, complete with poor spelling of "helps". The form sends your [...]
Inside the Massive Gumblar Attack

I first found out about Gumblar a couple of days ago via one of ScanSafe's blog posts. Responsible for 42% of "all malicious infections found on websites" (Sophos) during a 7-day period, Gumblar (JSRedir-R) has been extremely effective at propagating. Many bloggers have been focusing on the script involved in the attack, not so [...]