Comments on: Another Mass Attack Underway

By: Website headers simple

Website headers simple — Tue, 07 Feb 2012 11:10:13 +0000

A comprehensive quantity of scientific studies are put into seo services by pros since these goods will be the power with regard to web site traffic. rUnning headers, game titles, and the website …

By: Maeven

Maeven — Wed, 19 Mar 2008 20:08:45 +0000

So, how can an ordinary user recognize if their computer is infected with this virus/trojan? Is there a file name we should be looking for in the Task Manager or elsewhere?

By: Aa'ed Alqarta

Aa'ed Alqarta — Tue, 18 Mar 2008 20:47:56 +0000

System admins should be ready to prevent their clients from getting exploited and redirected to those malicious domains.

check here: http://extremesecurity.blogspot.com/2008/03/iframe-attacks-actions-to-be-taken.html

By: Craig Schmugar

Craig Schmugar — Tue, 18 Mar 2008 16:52:54 +0000

Blind SQL injection was used to attack ASP applications. The vulnerability is in the coding of the applications and improper sanitization of input parameters.

More details are available here:
http://blogs.technet.com/neilcar/archive/2008/03/15/anatomy-of-a-sql-injection-incident-part-2-meat.aspx

By: eric

eric — Tue, 18 Mar 2008 05:06:46 +0000

So is it a common web server software that is being hacked, apache, iss what have you?

By: Jan de Kruyf

Jan de Kruyf — Sat, 15 Mar 2008 11:17:40 +0000

# Bas Groot Says:
March 14th, 2008 at 12:19 am

How did they break into the website? If it is automated, it must be a widely spread exploit that is worth reporting.
—————————————————————-

It is automated, it comes from europe, holland and france the last time I checked, and it is indeed aimed at certain routers. There was a general discussion about 3 years back on the net.
From my analysis they request a specific file on this router “/cgi-bin/firmwarecfg” if they are the first running it then it leaves the whole system wide open since they have access to all info in the router or something like that. In any case complaints to my provider or the provider from whose network some of the attacks originate have not been answered whatsoever.

Peace

Jan de Kruyf.

By: Craig Schmugar

Craig Schmugar — Fri, 14 Mar 2008 19:25:02 +0000

There’s not much to see…the drive by can cause IE to hang, and the payload doesn’t display anything.

By: curious

curious — Fri, 14 Mar 2008 18:28:38 +0000

could mcafee show us a video demo of this attack in action, similar to the video for the phpBB hack?

Thanks.

By: Toralv Dirro

Toralv Dirro — Fri, 14 Mar 2008 12:28:06 +0000

That is an attempt to exploit a 3 year old vulnerability found in some DSL routers if remote management is enabled and is very likely not related to the Mass Hack Attacks.

cheers,
Toralv

By: Bas Groot

Bas Groot — Fri, 14 Mar 2008 08:19:58 +0000

How did they break into the website? If it is automated, it must be a widely spread exploit that is worth reporting.