
Wednesday, November 5, 2014

Zbot - kihsmalta.com - Hacked






// http://urlquery.net/report.php?id=1415211438936

// zeus panel 
hxxp://kihsmalta.com/cp.php

// .htaccess file
# Analyst note: host-based deny list as quoted in the post. The entries are
# mostly malware/phishing trackers and URL scanners (abuse.ch trackers,
# phishtank, netcraft, quttera, hosts-file.net), search engines (google, yahoo)
# and antivirus vendors.
# Apache evaluates a hostname given to "deny from" with a double reverse-DNS
# lookup of the client address, so each rule matches only clients whose IP
# reverse-resolves into the listed domain. A 403 returned to such a crawler is
# therefore not evidence that the site is clean; re-check from an address
# outside these domains.
deny from quttera.com
deny from hosts-file.net
deny from amada.abuse.ch
deny from palevotracker.abuse.ch
deny from blogger.com
deny from phishtank.com
deny from netcraft.com
deny from google.com
deny from yahoo.com
deny from malwared.ru
deny from malware.com.br
deny from malekal.com
deny from k7computing.com 
deny from gdata.com
deny from gdatasoftware.com
deny from fortinet.com
deny from emsisoft.com
# duplicate of the first entry (quttera.com)
deny from quttera.com
deny from opera.com
deny from infospyware.com
# the post's author truncated the list at this point
deny from .................... etc 

# NOTE(review): two indented "allow from all" lines follow, with no Order
# directive or enclosing container visible. The surrounding tags were presumably
# lost when the page was rendered, so the effective allow/deny precedence cannot
# be read from this excerpt.
 allow from all

 allow from all
 
# Block shell uploaders, htshells, and other baddies
# Analyst note: three conditions joined with [OR], all case-insensitive ([NC]);
# a request matching any one of them reaches the RewriteRule below.
# No "RewriteEngine On" line appears in this excerpt.
# Condition 1: request URI containing a known web-shell file name (c99, r57,
# remview, ...) followed by one of the listed extensions.
RewriteCond %{REQUEST_URI} ((php|my|bypass)?shell|remview.*|phpremoteview.*|sshphp.*|pcom|nstview.*|c99|c100|r57|webadmin.*|phpget.*|phpwriter.*|fileditor.*|locus7.*|storm7.*)\.(p?s?x?htm?l?|txt|aspx?|cfml?|cgi|pl|php[3-9]{0,1}|jsp?|sql|xml) [NC,OR]
# Condition 2: request URI containing any of these substrings. The patterns are
# unanchored, so short tokens such as "root", "sql" or "md5" match anywhere in
# the path.
RewriteCond %{REQUEST_URI} (\.exe|\.php\?act=|\.tar|_vti|afilter=|algeria\.php|chbd|chmod|cmd|command|db_query|download_file|echo|edit_file|eval|evil_root|exploit|find_text|fopen|fsbuff|fwrite|friends_links\.|ftp|gofile|grab|grep|htshell|\ -dump|logname|lynx|mail_file|md5|mkdir|mkfile|mkmode|MSOffice|muieblackcat|mysql|owssvr\.dll|passthru|popen|proc_open|processes|pwd|rmdir|root|safe0ver|search_text|selfremove|setup\.php|shell|ShellAdresi\.TXT|spicon|sql|ssh|system|telnet|trojan|typo3|uname|unzip|w00tw00t|whoami|xampp) [NC,OR]
# Condition 3: query string containing any of these substrings (SQL keywords,
# command names, scanner signatures); also unanchored.
RewriteCond %{QUERY_STRING} (\.exe|\.tar|act=|afilter=|alter|benchmark|chbd|chmod|cmd|command|cast|char|concat|convert|create|db_query|declare|delete|download_file|drop|edit_file|encode|environ|eval|exec|exploit|find_text|fsbuff|ftp|friends_links\.|globals|gofile|grab|insert|localhost|logname|loopback|mail_file|md5|meta|mkdir|mkfile|mkmode|mosconfig|muieblackcat|mysql|order|passthru|popen|proc_open|processes|pwd|request|rmdir|root|scanner|script|search_text|select|selfremove|set|shell|sql|sp_executesql|spicon|ssh|system|telnet|trojan|truncate|uname|union|unzip|whoami) [NC] 
# "-" leaves the URL unchanged and [F] answers 403 Forbidden.
# NOTE(review): this reads like a generic hardening snippet; alongside the
# panel it presumably keeps scanners and other intruders away from the host.
# For triage of a compromised site, an unexpected .htaccess pairing a
# security-vendor deny list with rules like these is worth flagging.
RewriteRule .* - [F]

/// extracted from xylitol
Malware family    ZEUS
MD5    8f6b9dbfb715c4a8166401e6fc511964
Version    2.1.0.1
RC4 Keystream    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
