Threat Level: green Handler on Duty: John Bambenek

SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2007-08-26 InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Targets of the day

Published: 2007-08-26
Last Updated: 2007-08-26 22:13:44 UTC
by Pedro Bueno (Version: 1)
0 comment(s)


So, on a sunday morning, I was watching some hacker activities.


These hackers were doing the following pattern:

- Using bots based on Perl
- Querying Google for parts of the urls that may identify some applications, using the "inurl:" parameter.
- Scanning the Google results sites for vulnerable applications
- Exploit those applications in a way to run remote commands on the machine, giving orders like download additional software to the machine, like the same perl bot.

As the "plat du jour" , the following services/applications were being scanned, using google:

- modules/tinycontent
- flashchat
- /xgallery/
- webcalendar

So, if you use any application that contains these strings in the url that makes easy for them to find your site, beware and check for additional updates on these applications!

---------------------------------------------------------------------------------------

Pedro Bueno < pbueno //&&// isc. sans. org >

Keywords:
0 comment(s)
Diary Archives