Introducing MalFI – Another Report From HostExploit

I’m a few days late for posting this but the HostExploit team has produced another report, this time on an attack dubbed “MalFI” for malicious file inclusion. This encompasses remote file inclusion (RFI), local file inclusion (LFI) and Cross Server Attack (XSA). The report had been in the works for quite some time and while I was not a main author this time, Jart Armin and Scott Logan worked with me to interpret and use my honeypot data that I’ve been collecting over the last several months.

Rather than rehash the purpose for the report, here’s an excerpt from the abstract:

MALfi “A Silent Threat”

What is it all about, MALfi? A blended threat currently detected on around 350,000 websites &
Internet servers. One major purpose is to establish, “use once and throw away” disposable
botnets for spam, phishing, DDoS and exploits.
Full Report (public version) download PDF – hostexploit Download page = http://bit.ly/eoO4C

Abstract / Press Release

MALfi is a holistic and descriptive term applied to adequately describe the recent blended attack
utilized by hackers and cyber criminals to compromise websites and servers. This is a
combination of RFI (remote file inclusion), LFI (local file inclusion), XSA (cross server attack),
and RCE (remote code execution).

Conservative estimates over recent months indicate around 350,000 affected websites and
servers worldwide. hostexploit and associated researchers have tracked 103,351 attacks,
involving 2,743 unique IP addresses, with 85 countries involved in RFI scanning and 911 ASNs
involved.

Check out the report for our research and findings. A more detailed version will also be made available to key members of the security and law enforcement communities.



View full post on Andrew Martin
