TippingPoint | DVLabs | ThreatLinQ: Movers and Shakers

▼ 2012
- ▼ February (1)
  - MindshaRE: IDAception
► 2011
- ► December (4)
  - (loading)
- ► November (1)
  - (loading)
- ► October (1)
  - (loading)
- ► September (1)
  - (loading)
- ► July (2)
  - (loading)
- ► June (1)
  - (loading)
- ► May (1)
  - (loading)
- ► April (3)
  - (loading)
- ► March (1)
  - (loading)
- ► February (12)
  - (loading)
- ► January (1)
  - (loading)
► 2010
- ► December (1)
  - (loading)
- ► November (1)
  - (loading)
- ► October (1)
  - (loading)
- ► September (4)
  - (loading)
- ► August (1)
  - (loading)
- ► July (1)
  - (loading)
- ► March (1)
  - (loading)
- ► February (2)
  - (loading)
► 2009
- ► October (1)
  - (loading)
- ► September (3)
  - (loading)
- ► July (1)
  - (loading)
- ► June (5)
  - (loading)
- ► May (1)
  - (loading)
- ► April (2)
  - (loading)
- ► March (9)
  - (loading)
- ► February (7)
  - (loading)
- ► January (5)
  - (loading)
► 2008
- ► December (2)
  - (loading)
- ► November (4)
  - (loading)
- ► October (7)
  - (loading)
- ► September (9)
  - (loading)
- ► August (16)
  - (loading)
- ► July (9)
  - (loading)
- ► June (11)
  - (loading)
- ► May (1)
  - (loading)
- ► April (4)
  - (loading)
- ► March (6)
  - (loading)
- ► February (4)
  - (loading)
► 2007
- ► December (1)
  - (loading)
- ► November (5)
  - (loading)
- ► October (4)
  - (loading)
- ► September (1)
  - (loading)
- ► August (2)
  - (loading)
- ► July (9)
  - (loading)
- ► June (4)
  - (loading)
- ► May (8)
  - (loading)

ThreatLinQ: Movers and Shakers

By Mike Dausin
Wed 10 Sep 2008 09:30am
4584 Views
0 Comments
Link

Alright, it's time for an installment ThreatLinQ: Movers and Shakers. Most every week we will use this space to point out any interesting and or sudden events we may see in the ThreatLinQ data. This week there are a couple of PHP File Include filters which popped up on the movers and shakers page which are worth talking about:

First, Filter 4270 saw a sudden increase in traffic on 9/08/2009. This was due entirely to a single attacker from New Jersey targeting various PHP file include vulnerabilities. It looks as if this attacker resides at a hosting facility, so it would be a good bet to say this machine has been compromised. Below is a graph of this attacker's activity for the last few days:

A similar story exists for filter 6007. This time however, the IP is located in the Ukraine and appears to be targeting sites in the US and Korea.

That's it for the Movers and Shakers summary for this week. If you have a TMC account and would like more information about the latest trends be sure to visit the ThreatLinQ portal here: https://tmc.tippingpoint.com/TMC/threatlinq/

The two IPs responsible for these attacks are below:
209.250.238.63 - New Jersey U.S.A.
193.178.228.12 - Ukraine

Tags:

Published On: 2008-09-10 09:30:53

Comments post a comment

No comments.

Trackback

ThreatLinQ: Movers and Shakers

Comments post a comment

Published Advisories

Upcoming Advisories

Blog Entries