RFI Attacks

Suspected Attacks 229562

[Details]


Controlling an RFI bot – RFI pt3

Lets delve a little deeper into the Osirys IRC bot which I initially discussed in part 1. First I will illustrate how the attacker finds and exploits web servers, then I will discuss how ISPs can get involved and remove these bots from their networks.
First the attacker issues a command to the bot to begin [...]

June 4th, 2009 | Tags: , , , | Category: Forensics, Intelligence, Malware scripts and other formats, Uncategorized | One comment

17,400 sites affected by Fx29 – RFI pt2

For my next installment on RFI attacks we will look at the extremely popular FX29 shell.
To find if you or someone else has been compromised with this shell search for the following:
intitle:”FaTaLisTiCz_Fx”
At the time of writing this, the above search query returns 17,400 matches which certainly indicates the prevalence of this shell.
Here is what the [...]

May 17th, 2009 | Tags: , , , | Category: Intelligence, Malware scripts and other formats | Leave a comment

Remote File Inclusion Attacks – pt1

One of the constant threats out on the internet are Remote File Inclusion (RFI) attacks. This class of threat is simple to execute and can yield very valuable results to the attacker. With the multitude of web applications out there, there are constantly new vulnerabilities discovered. The subject is rather large so I will have [...]

May 14th, 2009 | Tags: , , , , | Category: Intelligence, Malware scripts and other formats | One comment