PHP.net compromised and used to attack visitors

Discussion in 'malware problems & news' started by siljaline, Oct 25, 2013.

Thread Status:
Not open for further replies.
  1. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    http://www.networkworld.com/news/2013/102513-phpnet-compromised-and-used-to-275241.htmlhttp://www.cso.com.au/article/530058/php_net_compromised_used_attack_visitors/
     
  2. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,802
    Location:
    Texas
  3. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
  4. harsha_mic

    harsha_mic Registered Member

    Joined:
    Mar 11, 2009
    Posts:
    791
    Location:
    India
    More info from Blaze's Security Blog - http://bartblaze.blogspot.com/2013/10/phpnet-compromised.html

    At the end -
    - You can see md5 of the samples, and quick look in virustotal gives an idea what antivirus programs blocks the payload with sign...
    - Prevention measures for Firefox/Chrome -- Use noscript/notscript, i guess it prevents redirecting to malicious servers by blocking the execution of userprefs.js ( can anyone confirm? )

    Thanks, Harsha.
     
    Last edited: Oct 26, 2013
  5. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    http://php.net/archive/2013.php#id2013-10-24-2
     
  6. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,198
    Location:
    Surrey, England.
    http://www.seculert.com/blog/2013/12/dga-changer-malware-changing-seed-to-evade-sandbox.html
     
  7. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    *Thanks @ Dermot7
    Unique malware evades sandboxes
    http://www.cso.com.au/article/534661/unique_malware_evades_sandboxes/
     
  8. Baserk

    Baserk Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    1,317
    Location:
    AmstelodamUM
    According to the Seculert researcher;
    The security technology inside the sandbox is failing in isolating suspicious files and thus the sandbox technology is bypassed.
    That hardly warrants the description of malware 'bypassing sandbox technology'.
    More like; 'Klutz security technology won't prevent suspicious files from leaving the sandbox technology if you tell it to allow all files deemed 'Not bad' by Klutz'.
     
Loading...
Thread Status:
Not open for further replies.