Author Topic: SimpleTDS go.php IDS alert...exploit kit as a service...  (Read 3892 times)


polonus
SimpleTDS go.php IDS alert...exploit kit as a service...
« on: June 25, 2013, 04:09:38 PM »
See: http://urlquery.net/report.php?id=3320794 and http://urlquery.net/report.php?id=3255628
Read about this being part of the RedKit Exploit Kit here: http://ondailybasis.com/blog/?p=1236 (link article author = D.L.)
Avast detects this object as HTML:Iframe-inf
See analysis here: http://labs.sucuri.net/?details=124.217.249.45
and read here: http://research.zscaler.com/2011/05/why-blackhole-exploit-kit-is-rising.html (renamed Blackhole to Incognito exploit kit)...

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

polonus
Re: SimpleTDS go.php IDS alert...exploit kit as a service...
« Reply #1 on: June 25, 2013, 07:40:32 PM »
Another PHP threat = IDS alerts for ET CURRENT_EVENTS c3284d Malware Network Compromised Redirect (comments 3)
See: http://urlquery.net/report.php?id=3118104
See: http://doc.emergingthreats.net/bin/view/Main/2015052
Read: http://stopmalvertising.com/malware-reports/the-c3284d-malware-network-stats.php.html
Avast detects as JS:Iframe-UC [Trj], so we have protection...

polonus