Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Targets of the day - SANS Internet Storm Center SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Targets of the day

So, on a sunday morning, I was watching some hacker activities.

These hackers were doing the following pattern:

- Using bots based on Perl
- Querying Google for parts of the urls that may identify some applications, using the "inurl:" parameter.
- Scanning the Google results sites for vulnerable applications
- Exploit those applications in a way to run remote commands on the machine, giving orders like download additional software to the machine, like the same perl bot.

As the "plat du jour" , the following services/applications were being scanned, using google:

- modules/tinycontent
- flashchat
- /xgallery/
- webcalendar

So, if you use any application that contains these strings in the url that makes easy for them to find your site, beware and check for additional updates on these applications!


Pedro Bueno < pbueno //&&// isc. sans. org >


155 Posts
ISC Handler
Aug 26th 2007

Sign Up for Free or Log In to start participating in the conversation!