728x90
I've received several reports of what appears to be shellshock exploit attempts via SMTP. The sources so far have all be webhosting providers, so I'm assuming these are compromised systems. The emails headers look something like this (thanks Justin for the anonymized headers, no thanks to Outlook for helpfully trying to make the links live):
The payload is an IRC perl bot with simple DDoS commands and the ability to fetch and execute further code
728x90
'malware ' 카테고리의 다른 글
| Kaspersky Hooking Engine Analysis (0) | 2014.10.29 |
|---|---|
| Scanning for Single Critical Vulnerabilities (0) | 2014.10.26 |
| 랜섬웨어 'TorrentLocker "공격을 확인 약 4,000 기관과 기업 피해 (0) | 2014.10.25 |
| CVE-2014-6352 OLE packager vulnerability and a failed patch for SandWorm (0) | 2014.10.25 |
| CVE-2014-4113 Detailed Vulnerability and Patch Analysis (0) | 2014.10.25 |