TippingPoint Digital Vaccine Laboratories
DID YOU KNOW... At the 2007 Black Hat Briefings in Las Vegas, TippingPoint DVLabs had five speakers presenting on a variety of topics.

ThreatLinQ: Movers and Shakers

Alright, it's time for an installment ThreatLinQ: Movers and Shakers. Most every week we will use this space to point out any interesting and or sudden events we may see in the ThreatLinQ data. This week there are a couple of PHP File Include filters which popped up on the movers and shakers page which are worth talking about:

First, Filter 4270 saw a sudden increase in traffic on 9/08/2009.  This was due entirely to a single attacker from New Jersey targeting various PHP file include vulnerabilities. It looks as if this attacker resides at a hosting facility, so it would be a good bet to say this machine has been compromised. Below is a graph of this attacker's activity for the last few days:



A similar story exists for filter 6007. This time however, the IP is located in the Ukraine and appears to be targeting sites in the US and Korea. 

That's it for the Movers and Shakers summary for this week. If you have a TMC account and would like more information about the latest trends be sure to visit the ThreatLinQ portal here: https://tmc.tippingpoint.com/TMC/threatlinq/

The two IPs responsible for these attacks are below:
209.250.238.63 - New Jersey U.S.A.
193.178.228.12 - Ukraine
Tags:
Published On: 2008-09-10 09:30:53

Comments post a comment

No comments.
Trackback