Saturday, December 20, 2014
Download details


MALfi - A CyberCrime International Report



Size 1.95 MB
Language English
License Creative Commons by-nc-nd
Author HostExploit
Price Free
Created 2009-11-11 07:00:00
Changed at 2009-11-11 07:00:00

CyberCrime International – MALfi

A new cybercrime report from the producers of the definitive reports exposing RBN (Russian Business Network), Atrivo, McColo, and Real Host, and a foremost source of rogue network activity analysis on the Internet.

MALfi “A Silent Threat”

What is MALfi all about? A blended threat currently detected on around 350,000 websites & Internet servers. One major purpose is to establish “use once and throw away” disposable botnets for spam, phishing, DDoS and exploits.

Abstract / Press Release

MALfi is a holistic, descriptive term for the recent blended attack used by hackers and cyber criminals to compromise websites and servers. It is a combination of RFI (remote file inclusion), LFI (local file inclusion), XSA (cross server attack), and RCE (remote code execution).

Conservative estimates over recent months indicate around 350,000 affected websites and servers worldwide. HostExploit and associated researchers have tracked 103,351 attacks, involving 2,743 unique IP addresses, with 85 countries involved in RFI scanning and 911 ASNs involved.

RFI is used by hackers to compromise websites and upload a remote user interface shell. This gives them partial to full manual, unauthorized control over the server. It differs from the now familiar “drive by” website exploit in that it provides hackers with a ready-made arena where Internet plunder, in the form of information, controlled servers and websites, is exchanged or resold to cyber criminal groups.

Essentially, the RFI hackers continuously and automatically search for website vulnerabilities to exploit. Once breached, the websites, and often the now compromised underlying servers, are used for DDoS (distributed denial of service) attacks such as the recent US and Korean government DDoS, spamming, phishing, large scale ID theft, and to facilitate further attacks on other targets. It follows that many of the regular and apparently attempted attacks on various high volume governmental and key servers were RFI and similar vulnerability scanning, bots and scripts.

In comparing RFI with SQL injection, viruses and worms: RFI scanning and related exploitation happen continuously and affect all corners of the Internet. Both unpatched Windows systems and systems with RFI vulnerabilities are on a theoretical time to live.

The how, what and where of this particular hacking technique and cybercrime business model are provided together with detailed and graphic explanations in the HostExploit community research report.

