To analyse the cna12 MySQL attacks, I had to install MySQL Express Server as the attacks were prematurely exiting when connecting to Dionaea. Extracting the binary files from the libpcap files was annoying, so I decided to change Dionaea so that it would automatically extract the binary files used in the cna12 attacks. Continue Reading
MySQL attacks
All posts tagged MySQL attacks
This post explains some measures that you can take to prevent the MySQL cna12.dll attacks from infecting your MySQL server. It follows on from a previous post which explains the attacks. If you find that a cna12.dll file or a piress user account keep reappearing on your MySQL server, then read on. Continue Reading
Have you, or your anti-virus software, noticed a file called ‘cna12.dll’ on your computer? Have you suddenly found that you have an imaginary friend called ‘piress’ whom you didn’t know about? If so, you may have fallen victim to a MySQL attack (and ‘piress’ may not be so imaginary, nor friendly for that matter). Continue Reading
Seeing an increase in MySQL attacks hitting your network and interested in knowing more about them? This post finishes the dynamic analysis and, for those who wish I’d hurry up and get to the point, contains the conclusion. This post is long, but a lot of it is log output. Continue Reading
Seeing an increase in MySQL attacks hitting your network and interested in knowing more about them? This post follows on from the previous post which discussed how to run a Cuckoo Sandbox analysis of a MySQL attack.
This post starts analysing the results and notices an issue with a particular malware trait and Cuckoo (v0.4.2). Awfully gripping stuff — I was on the edge of my seat, but then that could be because my table was too far away from my chair. Continue Reading
Seeing an increase in MySQL attacks hitting your network and interested in knowing more about them? This post discusses how to run the attack within the Cuckoo Sandbox. Subsequent posts will analyse the results.
It’s nice to use dynamic analysis to corroborate the findings from static analysis, but what if you face an SQL attack? What if the attack caused the MySQL server to drop an executable file and pass control to it, or if the attack was exploiting a remote code execution vulnerability? I developed a Cuckoo package, misql.py, to allow me to dynamically analyse some of the effects of MySQL attacks. Continue Reading
Seeing an increase in MySQL attacks hitting your network and interested in knowing more about them? This post follows on from the previous posts in this series, and analyses the binary file, cna12.dll, extracted from the MySQL commands. Continue Reading
Seeing an increase in MySQL attacks hitting your network and interested in knowing more about them? If so, then these posts are for you. They have all the fun involved from noticing an increase in traffic to extracting malware from a packet capture and analysing it. If you like the thrills and spills of scripting information processing tasks, then read on as this post will show you how to script the gathering of information from packet captures. Continue Reading
Seeing an increase in MySQL attacks hitting your network and interested in knowing more about them? If so, then these posts are for you. They have all the fun involved from noticing an increase in traffic to extracting malware from a packet capture and analysing it. If you like the thrills and spills of scripting information processing tasks, then read on. If you’d rather I just got to the point and presented information about the attacks, then you can probably skip this first post. Continue Reading