Slashdot Mirror


User: UnmaskParasites

UnmaskParasites's activity in the archive.

Stories: 0 · Comments: 8

Comments · 8

  1. Re:Firewall on Doorways Sneak To Non-Default Ports of Hacked Servers · · Score: 1

    Interesting point.

    Still makes no excuse why admins leave open ports and don't notice malicious activity on their servers for months.

  2. Re:Firewall on Doorways Sneak To Non-Default Ports of Hacked Servers · · Score: 1

    Taking security seriously would be the solution.

    The chances are the intruders have root privileges (since they can re-configure Apache). So they can unblock any ports as easily.

    So if admins don't watch their servers, they won't even know that something's wrong.

  3. Re:Here's an example break-in. on Doorways Sneak To Non-Default Ports of Hacked Servers · · Score: 1

    The Whois information is forged. They just use a database of stolen contact details and use them to register domain names.

    Note how registration times of their many domains differ only by seconds.

  4. Re:Also done with 404 Error Documents on Malware on Hijacked Subdomains, a New Trend? · · Score: 1

    In this attack, the hacked sites redirect to subdomains of third-party sites. E.g. site1.com redirects to sub.site2.org, so most NoScript settings should be safe.

  5. Re:We got hit by this on Image Searchers Snared By Malware · · Score: 1

    Thanks,

    I received it. Hope the second file is also under version control.

  6. Re:We got hit by this on Image Searchers Snared By Malware · · Score: 1

    Thanks for sharing this story.

    Did you find and save that 7_22-5.class.php file? It would be interesting to see what exactly they tried to achieve.
    You can post the code (if it's short and not outright malicious) here or contact me directly using this form:
    http://www.unmaskparasites.com/contact/

    Thanks,
    Denis

  7. Re:Whaaaaaa! on R.I.P. FTP · · Score: 1

    On many cheap hosting plans, FTP is the only way to upload files.

  8. They steal passwords from config files on R.I.P. FTP · · Score: 1

    Hi,

    I'm Denis Sinegubko. The one quoted in this article.

    I want to clarify one thing about how malware steals passwords from webmasters' computers.

    TCP traffic sniffing was only one of the possible vectors.

    However, now I have more proof that malicious programs just read configuration files and registry settings.

    Just check how this trojan steals FTP, email and IM credentials:
    http://www.viruslist.com/en/viruses/encyclopedia?virusid=147349

    I checked the programs installed on my computer, and indeed many of them store passwords in _plain text_, not encrypted. And those that encrypt passwords use very weak algorithms.

    FileZilla stores FTP credentials (including passwords) in .xml files in plain text. And this is "by design"! Check this thread:
    http://forum.filezilla-project.org/viewtopic.php?f=2&t=12280

    So why would malware bother with sniffing traffic or key logging (this activity can be detected by antivirus), when it can simply read everything it needs from files and Windows registry?