The goal of this project is to make virtual world a safer and better place without child pornography, major computer crime and RIAA.
Login As
You can log in if you are registered at one of these services:
Security Bulletins
Latest Malware Updates

Infostealer.Posteal

02/26/2015

Downloader.Busadom

02/26/2015

Trojan.Ladocosm

02/26/2015

SONAR.SuspDocRun

02/25/2015

SONAR.SuspHelpRun

02/25/2015

Carna botnet consists of 420 million IP-addresses

Carna botnet consists of 420 million IP-addresses

Unidentified hacker created botnet called ‘Carna’ to make a world map of devices that use IPv4 protocol. The criminal found out that there is a lot of unprotected IPv4-devices in the Web. The only thing needed to take control over them was entering default account credentials, such as «root:root» or admin:admin.

I saw the chance to really work on an Internet scale, command hundred thousands of devices with a click of my mouse, portscan and map the whole Internet in a way nobody had done before, basically have fun with computers and the Internet in a way very few people ever will, - stated hacker.

To make his plans real the hacker created two binary files, 46 and 60 K each, written in C with two parts, and then downloaded these files to users' machines.

As a result, the cybercriminal was able to easily spy on IPv4 devices. He recorded every IP-address responsible for at least one of the 52 billionpingssent during June-October 2012. About 420 million IP-addresses responded to pings sent by Carna botnet.

The cybercriminal managed to take control over more than 420 thousand machines that created Carna botnet. Such a number of bots indicates a low level of security of Internet-connected PCs.

The hacker claims he did not harm the bots, and the downloaded files were self-removed after reboot.

You may find a full botnets description here.

(c) Naked Security


Security Advisories Database

Remote Code Execution Vulnerability in Microsoft OpenType Font Driver

A remote attacker can execute arbitrary code on the target system.

07/21/2015

SQL Injection Vulnerability in Piwigo

SQL inection vulnerability has been discovered in Piwigo.

02/05/2015

Cross-site Scripting Vulnerability in DotNetNuke

A cross-site scripting (XSS) vulnerability has been discovered in DotNetNuke.

02/05/2015

Cross-site Scripting Vulnerability in Hitachi Command Suite

A cross-site scripting vulnerability was found in Hitachi Command Suite.

02/02/2015

Denial of service vulnerability in FreeBSD SCTP RE_CONFIG Chunk Handling

An attacker can perform a denial of service attack.

01/30/2015

Denial of service vulnerability in Apache Traffic Server HTTP TRACE Max-Forwards

An attacker can perform a denial of service attack.

01/30/2015

Denial of service vulnerability in MalwareBytes Anti-Exploit "mbae.sys"

An attacker can perform a denial of service attack.

01/30/2015

Denial of service vulnerability in Linux Kernel splice

An attacker can perform a denial of service attack.

01/29/2015

Denial of service vulnerability in Python Pillow Module PNG Text Chunks Decompression

An attacker can perform a denial of service attack.

01/20/2015