To analyse the cna12 MySQL attacks, I had to install MySQL Express Server as the attacks were prematurely exiting when connecting to Dionaea. Extracting the binary files from the libpcap files was annoying, so I decided to change Dionaea so that it would automatically extract the binary files used in the cna12 attacks. Continue Reading
This post explains some measures that you can take to prevent the MySQL cna12.dll attacks from infecting your MySQL server. It follows on from a previous post which explains the attacks. If you find that a cna12.dll file or a piress user account keep reappearing on your MySQL server, then read on. Continue Reading
Have you, or your anti-virus software, noticed a file called ‘cna12.dll’ on your computer? Have you suddenly found that you have an imaginary friend called ‘piress’ whom you didn’t know about? If so, you may have fallen victim to a MySQL attack (and ‘piress’ may not be so imaginary, nor friendly for that matter). Continue Reading
Seeing an increase in MySQL attacks hitting your network and interested in knowing more about them? This post follows on from the previous post which discussed how to run a Cuckoo Sandbox analysis of a MySQL attack.
This post starts analysing the results and notices an issue with a particular malware trait and Cuckoo (v0.4.2). Awfully gripping stuff — I was on the edge of my seat, but then that could be because my table was too far away from my chair. Continue Reading
Seeing an increase in MySQL attacks hitting your network and interested in knowing more about them? This post discusses how to run the attack within the Cuckoo Sandbox. Subsequent posts will analyse the results.
It’s nice to use dynamic analysis to corroborate the findings from static analysis, but what if you face an SQL attack? What if the attack caused the MySQL server to drop an executable file and pass control to it, or if the attack was exploiting a remote code execution vulnerability? I developed a Cuckoo package, misql.py, to allow me to dynamically analyse some of the effects of MySQL attacks. Continue Reading