[nsp-sec] HydraFlux is wootyful delicious - Re: rundll841.com wwwDOTwin496.com wwwDOTtag58.com err68.comand sysid72.com sqlinjection sites.
White, Gerard
Gerard.White at aliant.ca
Tue Jun 10 08:08:09 EDT 2008
Like I mentioned earlier, there appears to be a 2nd subset of nodes (i.e. incarnation)
distinguished by a boundary=1BEF0A57BE110FD467A identifier.
Am I wrong?
Nice write-up!
GW
855 - Bell Aliant
> -----Original Message-----
> From: William Salusky [mailto:william.salusky at aol.net]
> Sent: Tuesday, June 10, 2008 2:57 AM
> To: william.salusky at aol.net
> Cc: White, Gerard; NSP Security List
> Subject: Re: [nsp-sec] HydraFlux is wootyful delicious - Re: rundll841.com wwwDOTwin496.com
> wwwDOTtag58.com err68.comand sysid72.com sqlinjection sites.
>
> Okie dokie. Lesson #2 in global fluxnet domination for GW... and NO ONE
> ELSE! No Flux for you!
>
>
> http://handlers.sans.org/wsalusky/ws/index.php/HydraFlux-Mass_SQL_Injection-forum_asp_php
>
> W
>
>
> William Salusky wrote:
> | ----------- nsp-security Confidential --------
> |
> | Ah yes. forum_asp.php is the polling URI that commands/triggers the
> | mass sql injection propagation vector. You've gotta love the full life
> | cycle maliciousness involved in HydraFlux.
> |
>