RunForestRun DGA Update

posted on Jul, 27 2012 @ 03:20 PM
Heads up Server / Site Owners. Keep yourself and others informed.


A few days ago Jindrich Kubec (Avast) pinged me that the RunForestRun malware changed the domain generating algorithm (DGA) and now uses waw.pl subdomains (instead of .ru) in malicious URLs.

Just a quick recap of the RunForestRun attack: It began in mid-June and infected many servers with Plesk Panel since then. Hackers used Plesk’s File Manager to inject malicious code (mainly) at the bottom of .js files. That malicious code used a Black Hole obfuscator and was always surrounded by the /*km0ae9gr6m*/…/*qhk6sa6g1c*/ pair of comments, which made it very easy to clean up whole servers using just a single regexp.


blog.unmaskparasites.com...

geek p0rn
( http:///fikpCNck )

edit on 27-7-2012 by cerebralassassins because: (no reason given)

edit on 27-7-2012 by cerebralassassins because: oops link :-)
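
The single-regexp cleanup mentioned in the recap above, sketched as an added example (not code from the post or from the linked blog). The function names `strip_injection` and `clean_tree` and the sample file contents are assumptions made up for illustration; only the two marker comments come from the quoted text.

```python
import re
import tempfile
from pathlib import Path

# Marker comments quoted in the recap; the injected code sits between them.
START = b"/*km0ae9gr6m*/"
END = b"/*qhk6sa6g1c*/"
INJECTED = re.compile(re.escape(START) + rb".*?" + re.escape(END), re.DOTALL)


def strip_injection(data: bytes):
    """Return (cleaned_bytes, blocks_removed, unpaired_marker_left)."""
    cleaned, count = INJECTED.subn(b"", data)
    # A marker without its partner means a truncated or altered injection:
    # nothing is stripped for it, the file is flagged for manual review.
    leftover = START in cleaned or END in cleaned
    return cleaned, count, leftover


def clean_tree(root, apply=False):
    """Scan *.js under root and report hits; rewrite files only if apply=True."""
    report = []
    for path in sorted(Path(root).rglob("*.js")):
        data = path.read_bytes()  # bytes, so file encoding does not matter
        cleaned, count, leftover = strip_injection(data)
        if count or leftover:
            report.append((str(path), count, leftover))
        if apply and count:
            path.write_bytes(cleaned)
    return report


if __name__ == "__main__":
    # Constructed sample: a harmless script with a fake block appended at the bottom.
    good = b"function hello(){return 1;}\n"
    fake = START + b"var placeholder=0;" + END
    with tempfile.TemporaryDirectory() as d:
        Path(d, "site.js").write_bytes(good + fake)
        Path(d, "clean.js").write_bytes(good)
        print("dry run:", clean_tree(d))
        clean_tree(d, apply=True)
        print("after cleanup:", clean_tree(d))
```

Run it in dry-run mode first and review the report; stripping the block does not close the Plesk access that was used to inject it.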



