Pony Botnet steals $220,000 from multiple Digital Wallets

Are you the one of the Digital Currency Holder? PONY is after You. A Group of cyber criminals has used hundreds of thousands of infected computers of the digital currency holders to filch approximately $220,000 worth of Bitcoins and other virtual currencies. The researchers at the security firm,...

Dexter (CasinoLoader) Panel - SQL Injection Exploit

Exploit for multiple platform in category web applications import pycurl import urllib import cStringIO import base64 import argparse import sys import string import pygeoip version = "0.1-httpbots-PoC" def PrintHelp: global version print "usage: dexter.PoC.py -h action gateway url" print "" prin...

Java-Bot, a Cross-platform malware launching DDoS attacks from infected computers

These days botnets are all over the news. In simple terms, a botnet is a group of computers networked together, running a piece of malicious software that allows them to be controlled by a remote attacker. A major target for most of the malware is still Windows, but the growing market of Mac OS X...

Java based Cross platform malware targeting Apache Tomcat servers in the wild

Takashi Katsuki, a researcher at Antivirus firm Symantec has discovered a new cyber attack ongoing in the wild, targeting an open-source Web server application server Apache Tomcat with a cross platform Java based backdoor that can be used to attack other machines. The malware, dubbed as...

[FoxOne] Free OSINT Tool - Server Reconnaissance Scanner

FoxOne is a free OSINT tool, described by the author th3j35t3r as a Non-Invasive and Non-Detectable Server Reconnaissance Scanner. Bypassing API limitations and currently detecting 6500+ vulnerable server paths/files – without ever touching the target server. Very good for getting hold of intel o...

FBI Warning Users About Financial Malware Beta Bot

The FBI began warning computer users about the Beta Bot Trojan this week, sounding the alarm about malware that has targeted a variety of online payment platforms and financial institutions over the few last months. According to an intelligence note prepared by the Internet Crime Complaint Center...

Marketing Firms Advertise Largely to Bots; Waste $9.5B

It may not come as a surprise that online advertising firms waste billions of dollars each year, but a new report claims that – even if you were to assume that the entire practice of targeting users with online ads is an effective and lucrative one – $9.5 billion this year will be wasted...

Bitbot C2 Panel gate2.php - Multiple Vulnerabilities

Exploit for php platform in category web applications Exploit Title: Bitbot C2 Panel gate2.php SQLi + XSS Date: 08/19/2013 Exploit Author: Brian Wallace bwall aka @botnethunter Software Link: https://sourceforge.net/p/flippingbitbot/wiki/Home/ Vulnerable Virtual Machine including Bitbot Tested on...

Bitbot (C2 Web Panel) - gate2.php Multiple Vulnerabilities

Bitbot C2 Web Panel - gate2.php Multiple Vulnerabilities Exploit Title: Bitbot C2 Panel gate2.php SQLi + XSS Date: 08/19/2013 Exploit Author: Brian Wallace bwall aka @botnethunter Software Link: https://sourceforge.net/p/flippingbitbot/wiki/Home/ Vulnerable Virtual Machine including Bitbot Tested...

Java based cross platform malware found in wild

Other than Windows, Now other platforms are becoming more popular every day and attracting bad guys who are starting to create malicious code for other systems. Java applications can run on multiple platforms with ease, thus no surprise that malicious code written in Java that is designed to targ...

Peer-to-Peer Botnet Takedowns a Challenge

The FBI, Justice Department and technology companies have had success shutting down botnets that rely on a centralized infrastructure and command and control servers to communicate with bots, steal data or send malicious commands. Peer-to-peer botnets, however, have proven more difficult to take...

Beta Bot Trojan Emerges as New Type of Banking Malware

A new strain of banking malware, Beta Bot, has been refined over the last few months to target ecommerce and comes complete with an array of features to help prevent it from being caught by usual security measures. According to research conducted by RSA Security’s Limor Kessem, the bot started ou...

Ra1NX PHP Bot PubCall Authentication Bypass Remote Code Execution

This module allows remote command execution on the PHP IRC bot Ra1NX by using the public call feature in private message to covertly bypass the authentication system. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework...

Ra1NX PHP Bot - pubcall Authentication Bypass Remote Code Execution (Metasploit)

Ra1NX PHP Bot - pubcall Authentication Bypass Remote Code Execution Metasploit Exploit Title: "Ra1NX" PHP Bot pubcall Authentication Bypass Remote Code Execution Date: March 24, 2013 Exploit Author: bwall Software Link:...

"Ra1NX" PHP Bot pubcall Authentication Bypass Remote Code Execution

Exploit for php platform in category web applications Exploit Title: "Ra1NX" PHP Bot pubcall Authentication Bypass Remote Code Execution Date: March 24, 2013 Exploit Author: bwall Software Link: https://defense.ballastsecurity.net/decoding/index.php?hash=69401ac90262f3855c23cd143d7d2ae0 Version:...

Ra1NX PHP Bot - pubcall Authentication Bypass Remote Code Execution (Metasploit)

Exploit Title: "Ra1NX" PHP Bot pubcall Authentication Bypass Remote Code Execution Date: March 24, 2013 Exploit Author: bwall Software Link: https://defense.ballastsecurity.net/decoding/index.php?hash=69401ac90262f3855c23cd143d7d2ae0 Version: v2.0 Tested on: Ubuntu require 'msf/core' class...

Ra1NX PHP Bot Authentication Bypass Remote Code Execution

Exploit Title: "Ra1NX" PHP Bot pubcall Authentication Bypass Remote Code Execution Date: March 24, 2013 Exploit Author: bwall Software Link: https://defense.ballastsecurity.net/decoding/index.php?hash=69401ac90262f3855c23cd143d7d2ae0 Version: v2.0 Tested on: Ubuntu require 'msf/core' class...

Chameleon Botnet Stealing $6M a Month in Fraudulent Ad Clicks

The Chameleon botnet continues to steal millions of dollars from online advertisers through fraudulent clicks made by malware. First discovered in late February, researchers at British-based Web analytics firm spider.io say more than 120,000 Microsoft Windows machines — the overwhelming majority...

Dissecting a mobile malware

The capillary diffusion of mobile devices, the lack of security systems on these platforms and low level of awareness on principal cyber threats made them a privileged target for cybercrime. We have assisted in the recent year to an explosion of malware designed to hit principal mobile OSs, in a...

Anonymous Twitter: AnonTwi

AnonTwi is a free software python client designed to navigate anonymously on social networks. It supports Identi.ca and Twitter.com. It can leverages proxying, randomization of header values, send fake geolocation data, and more. Anonymous Twitter AnonTwi supports: AES + HMAC-SHA1 encryption on...