
Global Outage Caused by Anti-Virus Update from Crowdstrike

 

On Friday 19 July 2024 a faulty update from the endpoint security firm CrowdStrike caused a global outage affecting millions of Windows machines. The incident is being described as one of the most extensive IT outages ever, knocking out services at airlines, banks, hospitals and broadcasters worldwide. CrowdStrike, a company most people outside the security industry had never heard of, triggered the disruption not with a program update but with a routine content update (a "channel file") for its Falcon endpoint sensor. The Falcon sensor runs as a kernel driver on Windows, so the malformed file crashed the kernel itself: affected machines showed the infamous Blue Screen of Death (BSOD), and because the bad file was loaded again on every start, many of them looped at the blue screen instead of booting.

Microsoft quickly clarified that the issue was a third-party problem and not a Windows update, absolving itself of direct responsibility. Apple and Linux systems were unaffected, since the faulty file only shipped to the Windows sensor, which brought some relief to those communities. CrowdStrike has since withdrawn the bad file and published a corrected one, but a machine stuck in a boot loop never stays up long enough to download it, so the recovery process remains cumbersome. IT professionals have to touch each affected machine by hand: boot it into Safe Mode or the Windows Recovery Environment, delete the offending channel file (the file matching C-00000291*.sys under C:\Windows\System32\drivers\CrowdStrike) and reboot. On BitLocker-protected disks this also requires the recovery key, and many of the affected devices (check-in kiosks, point-of-sale terminals, servers in remote racks) are not easy to reach physically, which makes resolution even more challenging. There is currently no indication that the issue was caused by malicious intent or that any data has been compromised.

Nonetheless, the incident highlights the crucial importance of staying current with software patches, with a note of caution: a security product that updates itself on millions of machines at once needs staged rollouts and a way for customers to hold back or roll back a bad update. The cybersecurity community continues to stress regular updates while acknowledging the risk that comes with them. CrowdStrike's initial response fell short of an apology, which drew significant criticism online. CEO George Kurtz later apologised publicly in an NBC News interview, expressing deep regret for the disruption caused to customers, travellers and affected companies. The gesture, while late, was an important step in addressing public concern. The episode is a stark reminder of how heavily we rely on remotely managed devices and of the exposure that comes with it: an agent with kernel-level access and an automatic update channel is a single point of failure for every machine it protects.

Despite test and validation pipelines built to catch most issues, some problems, like this one, slip through. The timing compounded the difficulties: the update went out in the early hours of a Friday, and fewer staff are typically available over the weekend to handle a crisis of this size. For CrowdStrike customers, detailed remediation instructions are available on the company's support website. Companies with dedicated IT teams are likely already coordinating their responses to ensure a swift resolution.

Unlike many outages that resolve themselves quickly, this one will take days, if not longer, to fully mend, illustrating the impact a single flawed update can have in an interconnected digital world.

Your iPhone is at risk - Signs of Viruses You Shouldn’t Ignore!

 

Apple generally does a good job of shielding iPhone users from spam and pop-ups. With everything Apple packs into the iPhone, people use it for work, photos, gaming and banking alike. iPhones are considered less susceptible to malware than Android devices because of Apple's closed ecosystem, but they are not immune. If your iPhone behaves unusually or becomes sluggish, malware (what most people call a "virus") is one possible explanation. This guide breaks down how iPhones pick up malware, how to recognise an infection, and the steps to remove it.

Realising your iPhone has been compromised is unsettling, but the scarier case is not knowing: malware does its work silently. Your device, your data and your accounts could be at risk. Act promptly to limit the damage by watching for these signs:

1. Unwanted Apps

If apps you never installed appear on your phone, something else put them there. Review the installed apps (Settings > General > iPhone Storage lists every app on the device) and promptly remove any you don't recognise.

2. Suspicious Configurations

Unrecognised configuration profiles are a strong signal, because a profile can install trusted certificates, change network and proxy settings, or route all your traffic through a VPN. Check Settings > General > VPN & Device Management and delete any profile you did not install yourself or receive from your employer or school.

3. Pop-Up Overload

Apple is good at filtering spam, so an overwhelming number of pop-ups is a red flag. Stay cautious and avoid tapping links in messages or emails from senders you don't recognise; pop-ups that claim your phone is infected and offer a "cleaner" app are themselves the scam.
 

4. Data Surge

A sudden spike in data usage with no obvious cause can mean something is running in the background. Check per-app usage under Settings > Cellular (Mobile Data) and remove any unfamiliar app that is consuming data.

Apple's operating system design plays a key role. Each app runs in its own sandbox, which limits what it can see of other apps and of the system, and makes it hard for malware to spread or persist. Every app distributed through the App Store also goes through Apple's review process, which substantially reduces the chance of installing a malware-laden app. That said, there is no 100% guarantee: malware targeting iOS does exist, commercial spyware delivered through browser and messaging exploit chains being the best-known case, and a jailbroken phone gives up most of these protections.

To stay ahead of malware, it helps to know the other warning signs: frequent app crashes, unexpected charges on your online accounts, rapid battery drain and overheating can all point to something malicious running. Remember, though, that each of these can also have an innocent cause, such as a buggy app, low storage or an ageing battery.

If you suspect malware, take these steps:

1. Update iOS: install the latest iOS version to pick up Apple's security patches; most iOS infections rely on bugs that have already been fixed.

2. Delete suspicious apps: remove any app you don't recognise or didn't install.

3. Clear Safari data: Settings > Safari > Clear History and Website Data removes malicious site data and cached scripts.

4. Restart: power the phone off and on again (hold the side button, together with a volume button on Face ID models, then slide to power off).

5. Change passwords: from a device you trust, change the passwords of the accounts you use on the phone, using a strong, unique password for each.

6. Enable two-factor authentication: it limits what a stolen password is worth.


These measures resolve most cases. If problems persist, the remaining option is Settings > General > Transfer or Reset iPhone > Erase All Content and Settings, which wipes the device; restore only from a backup made before the trouble started, or you risk restoring the problem along with your data.


In a nutshell, iPhone malware is rare enough that unusual behaviour more often has a mundane cause, so rule those out first. Regularly update iOS, be cautious about where apps and profiles come from, and guard against the threats that do exist. Safeguarding your iPhone means understanding these details and acting promptly when needed. Your digital world is worth protecting; let's keep it safe.

Threats of Discord Virus: Ways to Eliminate it

Discord has grown into a popular tool for building communities of interest since it launched its chat and VoIP service, notably among gamers. Like any platform that carries user-generated content and file attachments, though, Discord can be abused.

In 2021 researchers documented a string of malware campaigns that used Discord, with more than 20 distinct malware families found being distributed through it by a variety of techniques. Because Discord is highly customisable and its content delivery network serves uploaded files to anyone holding the link, ordinary users are exposed both inside and outside the chat server. Security analyses of Discord have since described a number of attack scenarios connected to its chat service that carry real risk for users.

How does the Discord virus infiltrate the system?

"Discord virus" is the umbrella term for malware spread through the official Discord app. To get users to run it, cybercriminals use a variety of lures; a "cracked" free copy of Discord Nitro is one of the most common.

Discord Nitro is the paid tier of Discord, with extra features. It is worth understanding that there is nothing to crack: the premium features are enabled server-side for paying accounts, not embedded in the client, so any "Nitro crack" or "Nitro generator" is malware or a credential-stealing scam by definition.

A Trojan infection usually shows a few typical signs:
  • CPU usage abruptly higher than normal
  • Frequent system glitches or crashes
  • A constant flood of malicious pop-ups in the browser
  • Windows that open without the user launching anything
  • Redirection to suspicious or unreliable websites
How to Update and Fix Discord

1. Run Discord as an administrator

Running the updater with administrative rights is a simple fix for the "Update Failed" loop, because it lets the updater write to locations it otherwise cannot. Do this for the update only and run Discord normally afterwards; a permanently elevated chat client is exactly what the malware described above would like to run inside.

2. Rename the Update.exe file

Discord's troubleshooters identified a bug involving the application's Update.exe file, and renaming it gives the client the best chance of updating to the latest version.

Press Windows + R, paste C:\Users\<Username>\AppData\Local\Discord (replacing <Username> with the name of your local account) and press Enter; Update.exe lives in that folder.

3. Check what Windows Defender is blocking

Discord updates occasionally fail because Windows 10's built-in antivirus quarantines or blocks the updater. Before disabling anything, open the protection history in Windows Security and look at what was detected: a "Discord" installer that Defender flags may be one of the trojanised downloads this post warns about. If the file is the genuine client from discord.com, add a narrow exclusion for that file rather than turning protection off.

4. Disable third-party antivirus only briefly

Antivirus products do sometimes interfere with installers and network services. If you must disable one to complete the update, do it only for the minutes the update takes, on a machine you trust, and re-enable it straight away; a permanently disabled scanner is a far bigger problem than a stale Discord client.

Beyond malware, Discord can be a venue for predatory behaviour such as cyberbullying, and extremist groups use it to recruit new members and stay in contact with them. Be careful with strangers on Discord and never hand out personal information.

Discord itself publishes a list of precautions against spam and account takeover. Use a strong, unique password for your account and turn on two-factor authentication, and learn to recognise phishing attempts, including fake "Nitro gift" links, before clicking.


XorDDoS, Mirai, and Mozi are Most Prominent Linux-targeted Malware

 

Linux-based computers are numerous and form an integral part of the internet backbone, but Linux malware increasingly targets low-power Internet of Things (IoT) devices. With billions of internet-connected devices online, from vehicles to refrigerators to network equipment, IoT devices have become a prime target for malware and for distributed denial-of-service (DDoS) attacks, in which junk traffic floods a target to knock it offline.

Although ransomware dominates the headlines with a stream of high-profile attacks, a recent study of the Linux threat landscape ranks it only third among threat categories. Attention to Linux threats has grown in part because Linux hobbyists and system administrators increasingly recognise that a compromised Linux system, such as a web server, offers attackers a high return on investment. Malware research has also given better visibility into the dangers Linux systems face in recent years.

In 2021 the XorDDoS, Mirai and Mozi families and their variants were the most prevalent, accounting for over 22% of all Linux-targeting IoT malware, according to that analysis of the current Linux threat landscape.

XorDDoS is a Linux trojan compiled for several architectures, including ARM, x86 and x64. It takes its name from the XOR-based encryption it applies to its own configuration and to its traffic with the command-and-control (C2) infrastructure. XorDDoS variants seen on Linux hosts show that the operators scan for Docker servers with TCP port 2375 open. That port carries the Docker Remote API over plain, unauthenticated TCP, and because anyone who can talk to the API can start a privileged container with the host's filesystem mounted, exposing it amounts to handing out passwordless root on the host.
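As an added example (not code from this page or from the malware research it summarises), the Python below shows the weak dockerd setting that XorDDoS operators scan for beside the corrected one, and a classifier for the reply an open daemon gives to a probe. The daemon.json contents, certificate paths and HTTP replies are constructed for the example.

```python
import json
from urllib.parse import urlsplit

# Constructed sample of the weak setting: dockerd listening on tcp/2375 with
# no TLS client verification. This is what the scanner is looking for.
WEAK_DAEMON_JSON = '{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}'

# Constructed sample of the corrected setting: TCP only on 2376 with mutual
# TLS, so a remote caller must present a client cert signed by our CA.
# Certificate paths are placeholders.
HARDENED_DAEMON_JSON = json.dumps({
    "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2376"],
    "tlsverify": True,
    "tlscacert": "/etc/docker/ca.pem",
    "tlscert": "/etc/docker/server-cert.pem",
    "tlskey": "/etc/docker/server-key.pem",
})


def audit_docker_hosts(daemon_json: str) -> list:
    """Return findings for the 'hosts' entries of a daemon.json.

    Any tcp:// listener without tlsverify is critical: the Docker Remote API
    has no authentication of its own, and a caller can run e.g.
    `docker -H tcp://host:2375 run --privileged -v /:/host ...`
    to read and write the host's root filesystem.
    """
    cfg = json.loads(daemon_json)
    tls = bool(cfg.get("tlsverify", False))
    findings = []
    for host in cfg.get("hosts", ["unix:///var/run/docker.sock"]):
        u = urlsplit(host)
        if u.scheme != "tcp":
            continue  # unix socket: local only, governed by file permissions
        port = u.port or 2375
        if not tls:
            findings.append(f"CRITICAL {host}: unauthenticated Docker API on tcp/{port} "
                            "(root-equivalent on the host)")
        elif u.hostname in ("0.0.0.0", "::", None):
            findings.append(f"INFO {host}: TLS-protected API bound to all interfaces on "
                            f"tcp/{port}; restrict reachability with a firewall")
    return findings


def looks_like_open_docker_api(raw: bytes) -> bool:
    """Classify the reply to 'GET /version HTTP/1.0' sent to a TCP port.

    A 200 whose JSON body carries 'ApiVersion' is dockerd answering with no
    credentials at all, i.e. the host is takeable. A TLS-only daemon answers a
    plaintext request with an error instead.
    """
    head, _, body = raw.partition(b"\r\n\r\n")
    status_line = head.split(b"\r\n", 1)[0]
    if not status_line.startswith(b"HTTP/1.") or b" 200 " not in status_line:
        return False
    try:
        return "ApiVersion" in json.loads(body.decode())
    except (ValueError, UnicodeDecodeError):
        return False


# Constructed sample replies (not captured from a real host).
OPEN_REPLY = (b"HTTP/1.1 200 OK\r\nApi-Version: 1.41\r\nContent-Type: application/json\r\n\r\n"
              b'{"Version":"20.10.7","ApiVersion":"1.41","Os":"linux","Arch":"amd64"}')
TLS_REPLY = (b"HTTP/1.1 400 Bad Request\r\nContent-Type: text/plain\r\n\r\n"
             b"Client sent an HTTP request to an HTTPS server.\n")

if __name__ == "__main__":
    for finding in audit_docker_hosts(WEAK_DAEMON_JSON) + audit_docker_hosts(HARDENED_DAEMON_JSON):
        print(finding)
    print("open API:", looks_like_open_docker_api(OPEN_REPLY),
          "| TLS daemon:", looks_like_open_docker_api(TLS_REPLY))
```

Even the hardened form still exposes a listener to the whole network; mutual TLS stops an anonymous scanner, but the port should additionally be firewalled to the hosts that actually need remote Docker access.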

Mozi is a peer-to-peer botnet built on the distributed hash table (DHT) protocol, with its own extended DHT implementation. Because DHT lookups are distributed and decentralised, Mozi can hide its C2 traffic inside a large volume of legitimate DHT traffic. It infects devices by brute-forcing weak SSH and Telnet credentials, then blocks those ports so that other attackers or malware cannot take the device over in turn.

Mirai made a name for itself in recent years, especially after its author published the source code in 2016. Like Mozi, Mirai brute-forces its way onto devices through weak protocols and default passwords, Telnet above all.
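Added example, not from the original post or the report it cites: a small Python detector for the credential guessing that Mozi and Mirai rely on, run over constructed OpenSSH log lines (the timestamps, the hostname "edge" and the documentation-range IP addresses are made up). It flags a source that fails repeatedly inside a short window and escalates when a login from that source then succeeds. BusyBox telnetd on IoT devices does not log this way, so for Telnet the equivalent signal has to come from the network side, or the port should simply be closed.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed OpenSSH auth log sample (not a real capture). Addresses are
# from the RFC 5737 documentation ranges; "edge" is an invented hostname.
SAMPLE_LOG = """\
Jan 12 03:14:07 edge sshd[2231]: Failed password for root from 203.0.113.7 port 51022 ssh2
Jan 12 03:14:09 edge sshd[2233]: Failed password for root from 203.0.113.7 port 51024 ssh2
Jan 12 03:14:10 edge sshd[2235]: Failed password for invalid user admin from 203.0.113.7 port 51026 ssh2
Jan 12 03:14:12 edge sshd[2237]: Failed password for invalid user pi from 203.0.113.7 port 51028 ssh2
Jan 12 03:14:13 edge sshd[2239]: Failed password for root from 203.0.113.7 port 51030 ssh2
Jan 12 03:14:15 edge sshd[2241]: Accepted password for root from 203.0.113.7 port 51032 ssh2
Jan 12 03:20:41 edge sshd[2260]: Failed password for alice from 198.51.100.4 port 40110 ssh2
Jan 12 03:21:02 edge sshd[2262]: Accepted publickey for alice from 198.51.100.4 port 40112 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[\d.]+) port \d+"
)


def parse_line(line: str, year: int = 2024):
    """Return a dict for an auth success/failure line, or None for any other line.
    syslog timestamps carry no year, so one is assumed here; a real run would
    take it from the file's mtime or use `journalctl -o short-iso`."""
    m = LINE_RE.match(line)
    if not m:
        return None
    stamp = " ".join(m["ts"].split())  # collapse the "Jan  2" padding
    ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "result": m["result"], "method": m["method"],
            "user": m["user"], "ip": m["ip"]}


def detect_bruteforce(log_text: str, threshold: int = 5, window_s: int = 60) -> dict:
    """Flag source IPs with >= threshold failed logins inside window_s seconds.
    A later successful login from a flagged source escalates the alert to
    'compromise': the guessing worked and the host must be treated as owned."""
    recent = defaultdict(list)  # ip -> failure timestamps still inside the window
    tried = defaultdict(set)    # ip -> usernames attempted
    alerts = {}
    for event in filter(None, map(parse_line, log_text.splitlines())):
        ip = event["ip"]
        if event["result"] == "Failed":
            tried[ip].add(event["user"])
            recent[ip] = [t for t in recent[ip] if (event["ts"] - t).total_seconds() <= window_s]
            recent[ip].append(event["ts"])
            if len(recent[ip]) >= threshold and ip not in alerts:
                alerts[ip] = {"level": "bruteforce", "users": tried[ip], "success_as": None}
        elif ip in alerts:
            alerts[ip]["level"] = "compromise"
            alerts[ip]["success_as"] = f"{event['user']} ({event['method']})"
    return alerts


if __name__ == "__main__":
    for ip, a in detect_bruteforce(SAMPLE_LOG).items():
        print(f"{a['level']:11s} {ip} tried {sorted(a['users'])} success_as={a['success_as']}")
```

The defensive side is the mirror image of what the detector looks for: key-only SSH authentication, no Telnet at all, and a lockout tool such as fail2ban on anything that must stay exposed, so that the fifth guess never gets to be made.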

Many business-critical applications run on Linux. Protecting Linux servers, whether on-premises or in private and public clouds, calls for runtime protection and visibility across all Linux hosts, regardless of where they run.

Misinformation is a Hazard to Cyber Security

 

Most cybersecurity leaders recognise the value of data, but data is only information. What if the information you have been given is false, or deliberately deceptive? What does your cybersecurity programme do to tell what is real from what is not?

Ian Hill, Global Director of Cyber Security at Royal BAM Group, defines misinformation as "inaccurate or purposely misleading information". In practice the term covers anything from honest error to deceptive advertising to satire taken too far, while the deliberate, intended-to-deceive variety is usually called disinformation. So even misinformation that is not meant to do harm can do harm.

The ideas, tactics and actions behind misinformation attacks closely resemble those behind cyberattacks. Cyberattacks target weaknesses in computer systems; misinformation targets weaknesses in human reasoning, our cognitive biases and logical fallacies. Misinformation attacks use distorted, miscontextualised and misappropriated information, deepfakes and cheap fakes, and threat actors combine the two kinds of attack to cause even more harm.

Misinformation can be more damaging than viruses, worms and other malware. Misinformation operations deceive and harm individuals, governments, societies and corporations alike.

The attention economy and advertisement-driven business models let an adversary launch a sophisticated misinformation campaign that floods the information channels and drowns out the truth at unprecedented speed and scale. To stop a given instance of information disorder, an organisation needs to understand its agent, message and interpreter: find out who is behind it (the agent) and what message is being sent, and understand the attack's target audience (the interpreter), which is just as critical.

Cyberattacks have progressed from basic phishing scams to campaigns built on misconception and deception. According to Disinfo.EU, misinformation and disinformation are cybersecurity risks for four reasons, known as the 4Ts:

  •  Terrain: the infrastructure that disseminates falsehoods
  •  Tactics: how the misinformation is disseminated
  •  Targets: the intended victims of the misinformation that leads to cyberattacks
  •  Temptations: the financial motivations for spreading false information in cyberattacks
 
Employees who understand how threat actors, from an amateur hacker to a nation-state operator, spread false information are less likely to fall for false narratives and harmful untruths. Telling the genuine from the fraudulent is now part of cybersecurity's job.

Students' GCSE coursework seized in ransomware attack

Sir John Colfox Academy in Bridport was targeted by hackers, believed to be based in China, after a member of staff mistakenly opened an email attachment that carried malware and infected the school's entire computer network. The email claimed to come from a teacher at another Dorset school.

The attackers seized pupils' GCSE coursework, encrypting it and demanding payment for its return.

The Sir John Colfox Academy has about 1,000 pupils. The coursework was for one subject, submitted by Year 11 students and saved on the school's system.

Head teacher David Herbert said: "We are liaising with the relevant exam boards about this specific issue."

Police have launched an investigation into the cyber attack.

Neither the police nor the school have said how much money was demanded for the return of the coursework, but police say no money has been paid.

Researchers discover Malware Samples Designed to Exploit CPU Vulnerabilities

Researchers have now found more than 130 malware samples built around the recently disclosed Spectre and Meltdown CPU vulnerabilities, which let a malicious application bypass memory isolation and read passwords, photos, documents, emails and other sensitive data from memory it should never be able to see.

Soon after Spectre and Meltdown were disclosed on January 3, experts warned that remote attacks could follow, and a JavaScript-based proof-of-concept (PoC) exploit for Spectre, runnable from a web page, was published shortly afterwards.

On Wednesday, January 17 the antivirus testing firm AV-TEST reported that it had collected 77 samples apparently related to the CPU vulnerabilities from various sources, including researchers, analysts and antivirus companies; the count rose to 119 by January 23 and to 139 in total. The experts believe the existing samples are still in a "research phase", with attackers most likely looking for ways to extract more data from computers, particularly through web browsers.



"Most appear to be recompiled/extended versions of the PoCs - interestingly, for various platforms like Windows, Linux and MacOS," says Andreas Marx, CEO of AV-TEST. "We also found the first JavaScript PoC codes for web browsers like IE, Chrome or Firefox in our database now."

Fortinet, which also analysed a large number of the samples, confirmed that the majority were based on publicly available PoC code.

Processor and operating system vendors have been shipping microcode and software mitigations for Meltdown and Spectre, but the patches have repeatedly caused problems of their own (spontaneous reboots, performance regressions and, on some systems, failure to boot), prompting organisations to halt updates and disable mitigations until those issues are resolved.


Marx, in addition to installing operating system and BIOS (microcode) updates, suggested a couple of further measures with a good chance of reducing exposure: turning off the PC when it is not needed for more than an hour, and closing web browsers during work breaks. He believes these habits would considerably shrink the attack surface, and save a fair amount of energy too.
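Added example, not from AV-TEST or Fortinet: a Python check of which Spectre and Meltdown mitigations a Linux kernel reports as active, read from /sys/devices/system/cpu/vulnerabilities (present on kernels that carry the 2018 mitigations). This is the quickest way to tell whether a "disable the mitigation until the patch is fixed" decision is still in force on a host. The SAMPLE_STATUSES table is constructed to mirror the sysfs format so the classifier can be exercised without a Linux host; run the block as a script on a real machine to audit it.

```python
import os

VULN_DIR = "/sys/devices/system/cpu/vulnerabilities"


def read_vulnerabilities(dirpath: str = VULN_DIR) -> dict:
    """Read {issue_name: status line} from the kernel's sysfs reporting.
    Returns {} where the directory is absent (older kernels, non-Linux)."""
    if not os.path.isdir(dirpath):
        return {}
    statuses = {}
    for name in sorted(os.listdir(dirpath)):
        try:
            with open(os.path.join(dirpath, name)) as fh:
                statuses[name] = fh.read().strip()
        except OSError:
            statuses[name] = "Unknown (unreadable)"
    return statuses


def classify(status: str) -> str:
    """Map a sysfs status line to ok / mitigated / vulnerable / unknown.
    The kernel prefixes each line with one of 'Not affected', 'Mitigation:'
    or 'Vulnerable' (optionally followed by a reason)."""
    s = status.lower()
    if s.startswith("not affected"):
        return "ok"
    if s.startswith("mitigation:"):
        return "mitigated"
    if s.startswith("vulnerable"):
        return "vulnerable"
    return "unknown"


def assess(statuses: dict) -> dict:
    return {name: classify(st) for name, st in statuses.items()}


def needs_attention(statuses: dict) -> list:
    """Issues that are neither mitigated nor inapplicable: typically a
    mitigation switched off on the kernel command line (mitigations=off,
    nopti, nospectre_v2) or microcode that lacks the features the kernel
    needs (the 'BIOS update' part of the advice above)."""
    return [name for name, cls in assess(statuses).items() if cls in ("vulnerable", "unknown")]


# Constructed sample mirroring the sysfs format; not read from a real host.
SAMPLE_STATUSES = {
    "meltdown": "Mitigation: PTI",
    "spectre_v1": "Mitigation: usercopy/swapgs barriers and __user pointer sanitization",
    "spectre_v2": "Vulnerable",
    "l1tf": "Not affected",
}

if __name__ == "__main__":
    live = read_vulnerabilities() or SAMPLE_STATUSES  # fall back to the sample off-Linux
    for name, status in live.items():
        print(f"{classify(status):10s} {name}: {status}")
    print("needs attention:", needs_attention(live))
```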

Passteal : password-stealing malware disguised as keygen and ebooks

Password-stealing malware

Passteal is malware that steals passwords stored in the browser by bundling a legitimate password-recovery tool, and it is distributed disguised as key generators and e-books.

This suggests the malware targets users who habitually visit torrent and file-hosting sites looking for pirated copies of software.

Older variants carried the password-recovery tool PasswordFox; the new variant carries WebBrowserPassView, which pulls credentials stored by the major browsers: Internet Explorer versions 4.0 to 8.0, Mozilla Firefox 1.x to 4.x, Google Chrome and Apple Safari.

Once the tool has extracted the data, the malware writes the stolen credentials to an .XML file and uploads it to a remote FTP server, in the clear.

According to Trend Micro's malware report, the password-recovery tool lets PASSTEAL harvest every login stored in the browser, including credentials for sites that use secure connections (SSL/HTTPS): encryption on the wire does nothing to protect a password that sits decrypted in the browser's own password store.

Japan's Search and Destroy Computer Virus : Endhiran film Style

Computer virus against cyber attacks
Japan's Defense Ministry is developing a "search and destroy" computer virus capable of tracing, identifying and disabling the sources of cyber-attacks. Fujitsu is reportedly building the cyberweapon for the ministry under a 178.5 million yen ($2.32 million) project launched in fiscal 2008 by the ministry's Technical Research and Development Institute.


According to the Yomiuri Shimbun's report, the program can identify the source of a cyber-attack with a high degree of accuracy for distributed denial-of-service (DDoS) attacks, as well as for some attacks aimed at stealing information stored on target computers. In a DDoS attack, attackers send a target enormous volumes of traffic until it is forced offline.

The cyberweapon is intended for defence only; security experts nevertheless fear the implications of such a tool falling into the wrong hands.


Endhiran style: in the film Endhiran, the hero builds a robot to help the military find and destroy bombs and enemies. Midway through the film the villain hacks the robot, which turns malicious and lays waste to the city.

Likewise, black-hat hackers could obtain this cyber-defence tool and modify it for malicious use.

"Even a 'good' virus uses system resources such as disk space, memory and CPU time. On a critical system a 'good' virus could cause unexpected side effects," a Sophos security researcher said.

"A 'good' virus may trigger false positives from security software, costing time and money as IT departments respond to the alerts," he added.

Rik Ferguson, a researcher for the security firm Trend Micro, said launching a virus designed to hunt down an attack could, in effect, have the exact opposite effect.

"If it's designed to spread autonomously, then system owners will have no opportunity to test whether its supposedly altruistic activities will have any negative impact on a running system," Ferguson wrote. "It will also consume bandwidth, disk space, memory and processor cycles, all adding to the load, just as a malicious worm does effectively creating a Denial of Service condition."

"Finally," he added, "it really wouldn't take much effort for criminal groups to take these white-hat tools and modify them for more malicious use, blurring the line even more between the 'good' and the bad and putting professional grade carrier mechanisms in the hands of criminals."

Possible malware attack on Citibank transactions: man-in-the-middle attack

Yash of Red Force Labs developed a proof-of-concept malware about a year ago that attacks online banking with a man-in-the-middle technique (more precisely, man-in-the-browser: the tampering happens inside the victim's own browser). He has now released a public video demonstrating the attack against Citibank India.

When the customer transfers funds to account A, the malware rewrites the transaction in real time so that the money goes to account B, without the user noticing.

Man-in-the-middle and man-in-the-browser attacks are well known in internet banking. Zeus is the best-known malware of this kind; it has stolen more than US$200 million from user accounts without the account holders' knowledge. Many criminals have taken the Zeus kit or its leaked source and customised it for different banks, and the malware can defeat SMS-based two-factor authentication through a mobile component (ZitMo) that forwards the one-time codes to the attacker. A few years ago attacks like this were unheard of; that does not mean they were impossible, only that they were waiting to happen, as many attacks in the e-commerce world still are.

The demo shows the malware redirecting the transfer to a different bank and account number and increasing the amount. The malware is configurable: the attacker can specify any bank account as the destination. Attacks of this type are possible against many banks worldwide, and they are sophisticated precisely because the malware never needs to steal the user's authentication credentials: it lets the legitimate user log in and approve a transfer, then alters what was approved.
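Added example in Python, not from Red Force Labs or from any bank: it models the tampering described above and shows why a login-style one-time code does not stop it while a code bound to the transaction details does. The account numbers, bank codes and token seed are constructed, and the man_in_browser function is a stand-in for the malware's rewrite step, not its code.

```python
import hashlib
import hmac
import json

# Constructed values: a per-customer seed provisioned to the second device,
# and the transfer the user actually wants to make. Placeholders throughout.
TOKEN_SEED = b"constructed per-customer seed, provisioned to the second device"
USER_INTENT = {"to": "A-000123", "bank": "CITI-IN", "amount": "1000.00", "nonce": "7f3a91"}


def otp_for(seed: bytes, txn: dict, bound: bool) -> str:
    """Code computed on the second factor.

    bound=False models a login-style OTP (SMS or app code) that depends only
    on the session nonce; it proves who is logged in, not what they approved.
    bound=True models transaction signing: the device displays beneficiary,
    bank and amount and mixes them into the code, so the code verifies only
    the transfer the user actually saw on that device.
    """
    fields = ("to", "bank", "amount", "nonce") if bound else ("nonce",)
    msg = json.dumps({k: txn[k] for k in fields}, sort_keys=True).encode()
    return hmac.new(seed, msg, hashlib.sha256).hexdigest()[:8]


def man_in_browser(txn: dict) -> dict:
    """Stand-in for the malware's rewrite stage (not its code): after the user
    fills in the form, the request the browser sends carries a different
    beneficiary, bank and amount while the screen still shows the original."""
    tampered = dict(txn)
    tampered.update({"to": "B-999999", "bank": "OTHER-BANK", "amount": "50000.00"})
    return tampered


def bank_verify(seed: bytes, received_txn: dict, code: str, bound: bool) -> bool:
    """The bank recomputes the code from what it actually received."""
    return hmac.compare_digest(otp_for(seed, received_txn, bound), code)


def run_transfer(bound: bool, tampered: bool = True):
    """Play the exchange end to end: user's device, browser, bank.
    Returns (accepted_by_bank, transaction_the_bank_saw)."""
    code = otp_for(TOKEN_SEED, USER_INTENT, bound)                          # second device
    sent = man_in_browser(USER_INTENT) if tampered else dict(USER_INTENT)   # browser
    return bank_verify(TOKEN_SEED, sent, code, bound), sent                 # bank


if __name__ == "__main__":
    for bound in (False, True):
        ok, seen = run_transfer(bound)
        print(f"bound={bound}: accepted={ok}, paid to {seen['to']} at {seen['bank']}, "
              f"amount {seen['amount']}")
```

Binding the code to the transaction only helps if the second device shows the real details and its channel is not the compromised browser. A ZitMo-style mobile component defeats SMS codes precisely because an SMS OTP carries no transaction information, and malware on the phone that also rewrites the details it displays would defeat this scheme too; hardware tokens with their own display exist for that reason.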


Backdoor R2D2 ~ Government Trojan discovered by Chaos Computer Club

The well-known European hacker association Chaos Computer Club (CCC) has discovered a backdoor Trojan capable of spying on online activity and recording Skype internet calls which, it says, is used by the German police.

For some years German courts have allowed the police to deploy a Trojan known colloquially as the "Bundestrojaner" ("federal Trojan") to record Skype conversations, provided they have a wiretap warrant.

But the CCC's finding is controversial, because the Trojan it uncovered can do far more than that: it can download updates from the internet, execute code remotely and even allow remote access to the computer, capabilities that go beyond what German law permits.

According to Sophos's analysis, the malware has the following functionality:
* It can eavesdrop on several communication applications, including Skype, MSN Messenger and Yahoo Messenger.
* It can log keystrokes in Firefox, Opera, Internet Explorer and SeaMonkey.
* It can take JPEG screenshots of what appears on the user's screen and record Skype audio calls.
* It attempts to communicate with a remote website.

A CCC spokesperson expressed the group's concern at the discovery:

"This refutes the claim that an effective separation of just wiretapping internet telephony and a full-blown trojan is possible in practice – or even desired. Our analysis revealed once again that law enforcement agencies will overstep their authority if not watched carefully. In this case functions clearly intended for breaking the law were implemented in this malware: they were meant for uploading and executing arbitrary code on the targeted system."

Was the Trojan really written by the German authorities?
We have no way of knowing whether the Trojan was written by the German state, and so far the German authorities have not confirmed any involvement.

The comments in the Trojan's binary could just as easily have been planted by someone who mischievously wanted it mistaken for the infamous Bundestrojaner.

What can be said is that the string "0zapftis" raised some eyebrows among the German speakers at SophosLabs. It is a play on the Bavarian phrase "O'zapft is!" ("It's tapped!", i.e. the barrel is open), the words spoken by the mayor of Munich when he taps the first barrel of beer at the Oktoberfest.

But there have certainly been claims of German state-sponsored cyber-spying before. In 2008, for instance, the BND, Germany's foreign intelligence service, was reported to have deployed spyware to monitor the Ministry of Commerce and Industry in Afghanistan.

Hundreds of thousands of machines join botnets every month ~ Report from Kaspersky


"Hundreds of thousands of machines are joining botnets every month. Most of these botnets are used to propagate spam or distribute malware that can be used in cyber espionage. Some of them are used in DDoS attacks or as proxies to commit other cybercrimes," says Vitaly Kamluk, Chief Malware Expert, Global Research and Analysis Team, Kaspersky Lab.

According to Kamluk, the largest botnet is Conficker, with more than 8 million infected hosts, followed by TDSS with more than 5.5 million, Zeus with more than 3.6 million, and Koobface with more than 2.9 million.

"One could think that laws should be able to help us. Indeed, there is a law that prohibits unauthorized access to remote systems, i.e., third parties cannot use the resources of the other’s machine. However, cybercriminals successfully bypass this law. They utilize and exploit systems in any way they want – to commit crime, earn money, etc. At the same time we researchers come up against the same law – but in our case it prevents us from fighting botnets

As an example of what could be done but cannot even be contemplated, there are over 53,000 command and control (C&C) centers on the Internet (source: www.umbradata.com). In many cases we know where the C&C centers of these botnets are, so in theory we could contact the owner's Internet Service Provider and ask it to take it down or to pass control of the center to us. This would be the right decision if we didn't want to leave all those thousands of infected machines online, continuing to attack other machines. We could issue a command for a bot to self-destroy itself from within the botnet infrastructure (starting from the command center) and then take it down. But unfortunately this represents unauthorized access, and we are not allowed to issue such a command," says Kamluk.

He recommended that law enforcement consider taking the following steps to help investigators in fighting botnets:

  • Carrying out mass remediation via a botnet;
  • Using the expertise and research of private companies and providing them with warrants for immunity against cybercrime laws in particular investigations, so they can collect more evidence, or bring down a malicious system when it cannot be accessed physically;
  • Using the resources of any compromised system during an investigation - so that we can place traps on compromised machines to get the source IP addresses of the attackers, and to bypass the mechanisms they use to hide their identities;
  • Obtaining a warrant for remote system exploitation - only in the cases when no other alternative is available. Of course this could result in cyber espionage. But if it is done properly – if the warrant is given for particular system, in a particular case, for particular timespan – this could bring positive results. Indeed, it could significantly change the cyber-threat landscape.”

MySQL.com hacked and serving malware ~ Exploits visitors' browsers



MySQL.com has been compromised and is serving malware, as detected by Armorize's HackAlert 24x7 website malware monitoring platform. Visiting the site with a vulnerable browser infects your system without any interaction on your part; the exploits target the browser and its plug-ins, Flash Player and Java in particular.



 

Infection process:
Visiting the site runs injected malicious JavaScript, which generates this iframe:

http://falosfax.in/info/in.cgi?5&ab_iframe=1&ab_badtraffic=1&antibot_hash=1255098964&ur=1&HTTP_REFERER=http://mysql.com/

That URL answers with a 302 redirect to

http://truruhfhqnviaosdpruejeslsuy.cx.cc/main.php



This domain hosts the BlackHole exploit pack. It exploits the visitor's browsing platform (the browser and its plug-ins such as Adobe Flash, Adobe Reader, Java, ...) and, upon successful exploitation, permanently installs malware on the visitor's machine without their knowledge. The visitor doesn't need to click or agree to anything; simply visiting mysql.com with a vulnerable browsing platform results in an infection.
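Added example, not Armorize's or HackAlert's code: a Python checker that pulls the iframes out of a page and flags those that look injected, plus a redirect-chain resolver that takes a fetch callback so it can be run offline against the two hops above. The HTML fragment is constructed around the two URLs from the report; the benign second iframe under www.mysql.com is invented for contrast, and the fake_fetch table stands in for the network.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# The two hops quoted in the report above.
TDS_URL = ("http://falosfax.in/info/in.cgi?5&ab_iframe=1&ab_badtraffic=1"
           "&antibot_hash=1255098964&ur=1&HTTP_REFERER=http://mysql.com/")
EXPLOIT_URL = "http://truruhfhqnviaosdpruejeslsuy.cx.cc/main.php"

# Constructed page fragment (not the real mysql.com markup). The second,
# benign iframe and its URL are invented for contrast.
SAMPLE_HTML = f"""<html><body>
<h1>MySQL :: The world's most popular open source database</h1>
<iframe src="{TDS_URL.replace('&', '&amp;')}" width="1" height="1"
        style="visibility: hidden"></iframe>
<iframe src="https://www.mysql.com/common/video.html" width="640" height="360"></iframe>
</body></html>"""


class IframeCollector(HTMLParser):
    """Collect the attribute dict of every <iframe> on a page."""

    def __init__(self):
        super().__init__()
        self.frames = []

    def handle_starttag(self, tag, attrs):
        if tag == "iframe":
            self.frames.append({k: (v or "") for k, v in attrs})


def suspicious_iframes(html: str, site_host: str) -> list:
    """Return [(src, reasons)] for frames showing at least two signs of injection:
    a third-party host, a 0x0/1x1 size, CSS hiding, or the query parameters a
    traffic-distribution system uses to filter bots and track referrers."""
    parser = IframeCollector()
    parser.feed(html)
    hits = []
    for a in parser.frames:
        src = a.get("src", "")
        host = (urlsplit(src).hostname or "").lower()
        reasons = []
        if host and host != site_host and not host.endswith("." + site_host):
            reasons.append("third-party host")
        if a.get("width") in ("0", "1") or a.get("height") in ("0", "1"):
            reasons.append("0x0/1x1 frame")
        style = a.get("style", "").replace(" ", "").lower()
        if "visibility:hidden" in style or "display:none" in style:
            reasons.append("hidden by style")
        if "http_referer=" in src.lower() or "antibot" in src.lower():
            reasons.append("traffic-distribution parameters")
        if len(reasons) >= 2:
            hits.append((src, reasons))
    return hits


REDIRECTS = (301, 302, 303, 307, 308)


def follow_chain(url: str, fetch, max_hops: int = 5) -> list:
    """Walk HTTP redirects without rendering anything. fetch(url) must return
    (status, headers, body). Returns the URLs visited, ending at the first
    non-redirect or after max_hops (so a redirect loop cannot hang us)."""
    chain = [url]
    for _ in range(max_hops):
        status, headers, _body = fetch(chain[-1])
        location = headers.get("Location")
        if status not in REDIRECTS or not location:
            break
        chain.append(location)
    return chain


# Constructed offline stand-in for the network, reproducing the 302 above.
FAKE_NET = {
    TDS_URL: (302, {"Location": EXPLOIT_URL}, b""),
    EXPLOIT_URL: (200, {"Content-Type": "text/html"}, b"<html>exploit kit landing page</html>"),
}


def fake_fetch(url: str):
    return FAKE_NET.get(url, (404, {}, b""))


if __name__ == "__main__":
    for src, why in suspicious_iframes(SAMPLE_HTML, "mysql.com"):
        print("suspicious iframe:", src, "->", ", ".join(why))
        print("redirect chain:", " -> ".join(follow_chain(src, fake_fetch)))
```

A real fetch callback should send a browser-like User-Agent and Referer and never follow redirects automatically or execute the response, since exploit kit landing pages serve different content (or nothing) to clients that look like scanners.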

Currently, 4 out of 44 vendors on VirusTotal can detect this piece of malware.

Trend Micro said:
"We recently found an interesting post in a Russian underground forum in the course of our research. People exchange information about their illegal activities in these kinds of forums. We found a user in the forum with the handle ‘sourcec0de‘ and ICQ number ’291149′ who is currently offering root access to some of the cluster servers of mysql.com and its subdomains.

The price for each access starts at $3,000 USD, with the exchange of money/access being provided by the well known garant/escrow system, whereby a trusted third party verifies both sides of the transaction."


As of now, the mysql.com website is still serving this exploit and malware.

Armorize (armorize.com) is trying to contact MySQL.com.