Java DDOS bot

May 10th, 2008

Just stumbled onto a DDoS bot written in Java. Usually there aren't too many malicious programs for Java, so I decided to take a closer look. The code quality is about as bad as in the previous entry on the PHP DDoS bot, but I think the Java version has more potential to grow into a problem.

PHP DDOS Bot

May 10th, 2008

Every so often I run into some new evil that interests me enough to take a deeper peek. This time a DDoS bot written in PHP caught my eye. I haven't seen this in the wild anywhere, but it's still quite interesting.

Spammed downloader

March 22nd, 2008

Getting spam with attached malware isn't anything new. Usually I just dispose of the junk mail, but every now and then I see a spam message that looks interesting enough to dig into further. Today's example is a spam mail that claimed to be a reply to a message I had allegedly sent. The body of the message was like this:

A bunch of trackback spam from the stash

February 12th, 2008

Running a blog means that the software is constantly under a barrage of exploit and spam attempts, as is the case with any web service.

I have a few hooks and traps spread around to sniff out what's coming in, especially in HTTP POSTs. So, without further ado, the following items are from a trap that logs trackback spam:

Are Nigerians Evolving From The 419 Letters?

February 12th, 2008

I was going through my access logs to see what nasties had been thrown at me since the last time.

Amongst the normal enter_your_RFI_exploit_here I saw this script being pushed onto the server:

PHP based IRC botnet, fast-flux of course

January 30th, 2008

I was checking out the various RFI (Remote File Inclusion) exploits thrown at my site when I saw an exploit file that was heavily obfuscated. I meddled with the code a bit and got it to reveal the C&C servers:

Weird exploitation attempts

January 29th, 2008

I just noticed some weird HTTP requests on my site. It seems that someone is trying to exploit a remote file inclusion vulnerability in some software. Normally I wouldn't blink an eye at these, but it seems that the vulnerability is in the PHPSESSID variable. I've got no idea which software these belong to, though. Here are some examples:

Tor-node stripping out TLS in SMTP conversations

January 28th, 2008

I spotted a nice incoming link regarding The Onion Router (Tor). This time an exit node was caught modifying the SMTP server's advertised capabilities, stripping out the TLS capability (encryption) so that connecting clients are forced to send everything as cleartext.

Here’s the link to the post.

It isn’t as if we didn’t see it coming

January 17th, 2008

The MBR rootkit has been in the news a bit lately. Packing ancient evil, the beast modifies the MBR (Master Boot Record) to bootstrap itself and to rootkit the whole operating system.

From the tubes

January 7th, 2008

[quote]
TV presenter Jeremy Clarkson has lost money after publishing his bank details in his newspaper column.

The Top Gear host revealed his account numbers after rubbishing the furore over the loss of 25 million people’s personal details on two computer discs.

He wanted to prove the story was a fuss about nothing.

But Clarkson admitted he was “wrong” after he discovered a reader had used the details to create a £500 direct debit to the charity Diabetes UK.
[/quote]

You can view the whole article here.

