Some sites appear to have been hit by a sophisticated multi-part injection attack that triggers only once per IP (so difficult to track down). There are two injected elements, one is a .in site hosted on 85.17.222.80 [Leaseweb, Netherlands] which could be one of the following: sds.vaselisa.in dds.kiriloid.in drf.yerevano.in sddr.margarit.in cd.fancyclu.in There’s a pretty inconclusive […]
We have talked about the TimThumb WordPress plugin exploit before. If you haven’t read it yet, I recommend you read our previous post here: Vulnerability in TimThumb WordPress Plugins – The Effects.Today I found quite a few TimThumb related URLs when I was checking our Advanced Classification Engine detection feedback, so I ran one of them in the lab: Obviously, the […]
Last week, we announced our IPAbuseCheck lookup tool. We see lots of infected/abusive hosts on the Internet attempting to proxy abusive web transactions through our proxies. Rather than just ignoring these transactions, we’ve decided to provide this lookup utility for security professionals and organizations to query and identify abusive/infected hosts within their networks – based […]
Latest Comments