RFI Attacks

Suspected Attacks 468168

[Details]


17,400 sites affected by Fx29 – RFI pt2

For my next installment on RFI attacks we will look at the extremely popular FX29 shell. To find if you or someone else has been compromised with this shell search for the following: intitle:”FaTaLisTiCz_Fx” At the time of writing this, the above search query returns 17,400 matches which certainly indicates the prevalence of this shell. [...]

Share
May 17th, 2009 | Tags: , , , | Category: Intelligence, Malware scripts and other formats | Leave a comment

Remote File Inclusion Attacks – pt1

One of the constant threats out on the internet are Remote File Inclusion (RFI) attacks. This class of threat is simple to execute and can yield very valuable results to the attacker. With the multitude of web applications out there, there are constantly new vulnerabilities discovered. The subject is rather large so I will have [...]

Share
May 14th, 2009 | Tags: , , , , | Category: Intelligence, Malware scripts and other formats | One comment

Sources of Badness – ZlKon – Round 2

It’s my first day back on the job and I decided to do a little hunting to see what this notorious hosting provider has been up to while I was gone. Unsurprisingly, we saw a large number of attacks from this hosting company. They all appear to be fake anti virus related. Given the age [...]

Share
May 12th, 2009 | Tags: , , | Category: Intelligence, Malware Binaries (exe/dll) | 2 comments

Sources of Badness – ZlKon

After a weekend hiatus, I’m back with the next host of interest – ZlKon. role: ZlKon HostMaster address: Lilijas iela 4-74 address: Riga, LV-1055 address: Latvija phone: +371 26330593 e-mail: hostmaster@zlkon.lv admin-c: AD5952-RIPE tech-c: AD5952-RIPE nic-hdl: ZK508-RIPE mnt-by: ZLKON-MNT changed: hostmaster@zlkon.lv 20081125 source: RIPE abuse-mailbox: abuse@zlkon.lv Based in Latvia, Zlkon seems to have a high [...]

Share
December 15th, 2008 | Tags: , , , | Category: Intelligence, Intrusion Detection, Malware Binaries (exe/dll) | 3 comments

Sources of Badness – LeaseWeb

**Edit 2** I’d like to thank LeaseWeb for taking the time to respond to this post. It’s great to hear that they take action quickly once informed of abuse. I found it surprising that they would receive reports of malware and other nefarious activity but with no substantiating evidence. The “fire and forget” mentality of [...]

Share
December 11th, 2008 | Tags: , , | Category: Intelligence, Intrusion Detection, Malware Binaries (exe/dll) | 3 comments

Analyzing a malicious pdf – Troj/PDFJs-A

I picked up a copy of a malicious pdf a week or so ago that was trying to infected a workstation. Lets crack it open and see what’s inside. Virus Total MD5: bccb814a5bcba72be31cdaf4e8805a7b Filename: pdf.pdf Simply running the file command on the pdf returns the following: pdf.pdf: PDF document, version 1.4 Running strings on pdf.pdf [...]

Share
September 4th, 2008 | Tags: , , , | Category: Malware Binaries (exe/dll), Malware scripts and other formats, Reverse Engineering | Leave a comment
« Newer Entries  
  Older Entries »