Showing posts with label Asprox. Show all posts
Tuesday 15 July 2008
Asprox domains: 15/7/08
Another bunch of Asprox SQL Injection domains; new ones are in bold.
Labels: Asprox, SQL Injection, Viruses
Thursday 10 July 2008
Asprox domains: 10/7/08
These seem to be the currently active Asprox SQL Injection domains to block or check for. New ones are in bold.
Two more new ones as well:
- bkpadd.mobi
- tctcow.com
Labels: Asprox, SQL Injection, Viruses
Wednesday 9 July 2008
Asprox domains: 9/7/08
Another shift in the Asprox SQL Injection domains, still registered with Vivids Media GmbH. As ever, check your logs or block them.
Labels: Asprox, SQL Injection, Viruses
Monday 7 July 2008
Asprox domains: 7/7/08 and another SQL Injection mitigation article
Another batch of Asprox domains are active today - it also seems that those from 3rd July are still running too. I advise that you check your logs for these or block them:
Labels: Asprox, SQL Injection, Viruses
Thursday 3 July 2008
Asprox domains: 3/7/08 and ngg.js
The Asprox domains used in the current round of SQL Injection attacks have shifted again; the ones to check for or block are:
Labels: Asprox, SQL Injection, Viruses
Wednesday 2 July 2008
Asprox domains: 2/7/08
These seem to be the currently active domains used in the Asprox SQL Injection attack. Registrar of choice at the moment is Vivids Media GmbH (if they really exist) via Directi Internet Solutions (publicdomainregistry.com).
Best advice is to block access to these sites and check your logs.
Labels: Asprox, SQL Injection, Viruses
Monday 30 June 2008
Asprox: new domains including .mobi
Another set of domains used in the Asprox SQL Injection attack: bnrupdate.mobi, adwste.mobi, adupd.mobi, hlpgetw.com, hdadwcd.com, rid34.com, adwsupp.com, supbnr.com, suppadw.com, dl251.com, aspx49.com, kadport.com, tid62.com, and batch29.com.
It's the first time that I've seen .mobi used in this way. Blocking access to all .mobi domains will probably do little harm.
Labels: Asprox, SQL Injection, Viruses
Thursday 26 June 2008
Asprox: list of domains and mitigation steps
The folks over at Bloombit Software have a useful article called "ASCII Encoded/Binary String Automated SQL Injection Attack", which explains some of the technical details behind these attacks and also has another list of domains serving up malware that is useful to keep an eye on.
Labels: Asprox, SQL Injection
Asprox: app52.com, aspssl63.com, update34.com, appid37.com, asp707.com, westpacsecuresite.com
Another bunch of domains coming up in the latest batch of Asprox SQL Injection attacks: app52.com, aspssl63.com, update34.com, appid37.com, asp707.com, westpacsecuresite.com - check your logs for these.
Labels: Asprox, SQL Injection, Viruses