Backdoor

Asante FM2008 10/100 Ethernet switch backdoor login

Bugtraq: Re: Asante FM2008 10/100 Ethernet switch backdoor login

Re: Asante FM2008 10/100 Ethernet switch backdoor login

URL: http://www.securityfocus.com/archive/1/505230

increased Backdoor.Coreflood infections

Posted by auto319326_at_hushmail.com on May 29

Is anyone else seeing an increase in Backdoor.Coreflood
infections on their network? I have not yet been able to pinpoint
the infection vector. Has anyone seen coreflood being dropped by a
specific set of web pages?

Cheers,
Tim

URL: http://seclists.org/incidents/2009/May/0001.html

A lesson in FUD

Mydoom: A lesson in FUD

Fear, uncertainty and doubt can have very real effects on security, especially when uninformed ‘experts’ are too quick to jump to conclusions. Mydoom was an example. In the last week of January 2004, a new worm was discovered squirming its way across the Internet.

Security researchers quickly realized this was the fastest-spreading e-mail worm yet, eclipsing even the promiscuous Sobig worm. Craig Schmugar of McAfee saw a line of code containing the text “mydom”, and said of his decision to call it Mydoom: “It was evident early on that this would be very big. I thought having ‘doom’ in the name would be appropriate.”

The original Mydoom worm carried two payloads:

– A distributed denial-of-service (DoS) time bomb, set to go off on the first of February that year
– A remote access backdoor that allowed an infected MS Windows computer to be controlled without its user’s knowledge

URL: http://www.hackinthebox.org/index.php?name=News&file=article&sid=31460

Backdoor in com_rsgallery2 gallery extension for joomla

Bugtraq: Backdoor in com_rsgallery2 gallery extension for joomla

URL: http://www.securityfocus.com/archive/1/503824

Backdoor in com_rsgallery2 gallery extension for joomla

Hackers use PDFs to take over PCs

Want to be more secure online? Stop using Adobe Acrobat reader to open PDF documents in your browser. That’s what F-Secure virus hunter Mikko Hypponen, the closest thing to a rock star holding court at the RSA security conference, is advocating.

Ditching Adobe Acrobat Reader will greatly reduce your chances of getting your PC infected by a drive-by download, says the pony-tailed Hypponen, who was recently profiled in Vanity Fair. “That’s my advice,” says Hypponen, “I don’t expect a Christmas card from Adobe.”

The bad guys are increasingly using security flaws in Adobe Acrobat Reader browser plugins to open a backdoor to your hard drive. These instructions get implanted when you visit a tainted website. The next time you use Adobe Reader, a very tiny poisoned PDF from the bad guys also opens and installs the backdoor that may allow them to take over your computer.

URL: http://www.hackinthebox.org/index.php?name=News&file=article&sid=30993

.NET Framework Rootkits

Posted by Erez Metula on Apr 7

Hello,
Attached are the presentation + whitepaper I’m going to talk about at BlackHat conference next week in Amsterdam, titled ".NET Framework Rootkits – Backdoors inside Your Framework".

The main threats of Framework level rootkits are

 * Hidden malware
 *…

URL: http://seclists.org/fulldisclosure/2009/Apr/0062.html

Backdoor:WinNT/Rustock.E

URL: http://www.threatexpert.com/report.aspx?md5=45fe4ece57819a9f33797d84c216f08e

Backdoor.Win32.Omega.a

URL: http://www.threatexpert.com/report.aspx?md5=7dfe5309bd64643fe88006ae48c01b4a

Backdoor.Bifrose, Trojan-Dropper.Win32.Agent.fdl, Virus.Win32.Bifrose

URL: http://www.threatexpert.com/report.aspx?md5=e1af8da76e6c2ee16312a06935e61d8f

Backdoor:Win32/Bifrose.EY, VirTool.Win32.CeeInject, Win-Trojan/Bifrose.48559..

URL: http://www.threatexpert.com/report.aspx?md5=855c3213639a19dd30bf9297e866a47b

Backdoor.Win32.Bifrose.aqws, VirTool:Win32/Vbinder.P, VirTool.Win32.Vbinder..

URL: http://www.threatexpert.com/report.aspx?md5=1ecb7c9e122b7df7420f93fd2a568162

Trojan.Win32.FlyStudio.hr, Backdoor.Win32.FlyAgent

URL: http://www.threatexpert.com/report.aspx?md5=f0e6d57fccc99ca2c029b1c3023bed3a

Trojan.Win32.Agent.buuk, Trojan-Dropper, Worm.Pinit, Backdoor.Agent!sd6..

URL: http://www.threatexpert.com/report.aspx?md5=dd48b71a112600d5de276f8d7c0cfb44

Trojan-Dropper.Vb, Backdoor.ProRAT.K, Trojan.TDss, Packed.Generic.202..

URL: http://www.threatexpert.com/report.aspx?md5=7fa61f8b1ed99c1699c431790b990d36