
SANS ISC InfoSec Handlers Diary Blog



Macromedia, XML-RPC, and Internet Crime

Published: 2005-11-08
Last Updated: 2005-11-08 02:59:16 UTC
by Marcus Sachs (Version: 1)
The Internet Storm Center handlers sign up for what we call "Handler of the Day" (or HOD) well in advance of when we will actually be the HOD.  So you never know what will come your way during the 24 hours you are the guardian of cyberspace.  Normally Mondays are pretty busy so I was quite pleased that today was fairly quiet.  Since there are no major events to report on, here is a summary of what came to us in our mailbag.

Lyndon wrote in to tell us that Macromedia has a .msi installer that can be downloaded from their website.  This makes deployment of their updates much easier for closed networks and enterprises.

An anonymous reader said that they found a version of the XML-RPC attack with requests of

/adxmlrpc.php

This request belongs to a Typo3 or a T3 extension. The same reader wrote back later to tell us they found the connection between T3 and the script: adxmlrpc.php belongs to phpAdsnew, which has a Typo3 Adminmodul. The current version 2.0.6 of phpAdsnew should be safe to use according to this forum. Our anonymous reader also told us that the product has another problem: it does not run on PHP 4.4.1, because 4.4.1 has a small bug which is not present in 4.4.0. More to follow as this unfolds.
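
To check whether your own web servers have seen the request described above, the following added example (not part of the original diary) scans access-log text for requests to adxmlrpc.php and separates clients that only got 404s from those that reached an installed script. It assumes Apache combined log format; the sample lines, IP addresses and the `/phpads/` directory are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote, urlsplit

# Constructed sample lines (Apache combined log format, documentation IP ranges).
SAMPLE_LOG = """\
192.0.2.10 - - [07/Nov/2005:21:14:03 +0000] "POST /adxmlrpc.php HTTP/1.1" 404 289 "-" "-"
192.0.2.10 - - [07/Nov/2005:21:14:04 +0000] "POST /phpads/adxmlrpc.php HTTP/1.1" 200 512 "-" "-"
198.51.100.7 - - [07/Nov/2005:21:20:41 +0000] "GET /index.php?id=12 HTTP/1.1" 200 8120 "-" "Mozilla/5.0"
203.0.113.5 - - [07/Nov/2005:22:01:17 +0000] "POST /%61dxmlrpc.php?x=1 HTTP/1.0" 404 289 "-" "-"
198.51.100.7 - - [07/Nov/2005:22:05:00 +0000] "GET /docs/adxmlrpc.php.txt HTTP/1.1" 200 90 "-" "Mozilla/5.0"
"""

# client IP, method, request target, status code
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')
TARGET = "adxmlrpc.php"  # script name reported in the diary


def find_probes(log_text):
    """Return {client_ip: {"hits": n, "served": [paths not answered with 404]}}."""
    report = defaultdict(lambda: {"hits": 0, "served": []})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not in the expected log format
        ip, _method, target, status = m.groups()
        # Drop the query string and decode percent-encoding before comparing,
        # so /%61dxmlrpc.php?x=1 is recognised as the same script.
        path = unquote(urlsplit(target).path)
        if path.rsplit("/", 1)[-1].lower() != TARGET:
            continue
        entry = report[ip]
        entry["hits"] += 1
        if status != "404":
            # The script exists at this path: check the installed version.
            entry["served"].append(path)
    return dict(report)


if __name__ == "__main__":
    for ip, info in sorted(find_probes(SAMPLE_LOG).items()):
        state = "REACHED " + ", ".join(info["served"]) if info["served"] else "404 only"
        print(f"{ip}: {info['hits']} request(s), {state}")
```

Any path listed under `served` points at a real installation, which is where the version check against 2.0.6 matters.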

A Dutch reader pointed us to a story (in Dutch) about the recent arrest of hackers involved in the mega-bot network uncovered last month.  The hackers have now been linked to Russian online criminal groups.  This should not come as a surprise to any of us as we watched young hackers over the past few years move from pranks like web site defacements to criminal acts of theft and fraud. 

Standing on my soapbox for a moment, I have to say that this trend was predictable.  The Internet is the perfect playground for organized criminal activity.  Near-total anonymity, multiple ways to launder money, enormous amounts of value and wealth, extreme complexity, few laws and fewer law enforcement experts, and millions of users who have no concept of what is going on inside their shiny new computer.  Such a shame, too.  We face the real possibility that the Internet may implode on itself in the coming years, and will ultimately be a nice history lesson for future generations.  I hope we can save it, but the current signs don't point in that direction.

Marcus H. Sachs
Handler of the Day
