Feed

Runforestrun update

Posted on June 26th, 2012 in 0day,exploit by dglosser

Old versions of Plesk store passwords in clear text
->   http://blog.unmaskparasites.com/2012/06/26/millions-of-website-passwords-stored-in-plain-text-in-plesk-panel/

There is  a remote  SQL vulnerability that has been found in old versions of Plesk allowing attackers to exploit those
passwords.
-> http://kb.parallels.com/en/113321

 

Combine these two together and what do you get, malware of course.

Plesk Vulnerability Leading to Malware
http://blog.sucuri.net/2012/06/plesk-vulnerability-leading-to-malware.html

Runforestrun and Pseudo Random Domains
http://blog.unmaskparasites.com/2012/06/22/runforestrun-and-pseudo-random-domains/

Run, Forest! (Update) – block 95.211.27.206

https://isc.sans.edu/diary/Run+Forest+Update+/13561

 

We’ve added a bunch of these domains but you should check the resources above, as well as new IP addresses to block.

 

(Thanks to Jack W. for keeping us up-to-date on these developments.)

 

 

Comments are closed.