Threat Level: green Handler on Duty: Tom Webb

SANS ISC: Targets of the day - Internet Security | DShield SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Targets of the day


So, on a sunday morning, I was watching some hacker activities.


These hackers were doing the following pattern:

- Using bots based on Perl
- Querying Google for parts of the urls that may identify some applications, using the "inurl:" parameter.
- Scanning the Google results sites for vulnerable applications
- Exploit those applications in a way to run remote commands on the machine, giving orders like download additional software to the machine, like the same perl bot.

As the "plat du jour" , the following services/applications were being scanned, using google:

- modules/tinycontent
- flashchat
- /xgallery/
- webcalendar

So, if you use any application that contains these strings in the url that makes easy for them to find your site, beware and check for additional updates on these applications!

---------------------------------------------------------------------------------------

Pedro Bueno < pbueno //&&// isc. sans. org >

Pedro

155 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!