Author Topic: Another new package - FSPACK  (Read 3105 times)

0 Members and 1 Guest are viewing this topic.

January 12, 2010, 04:32:56 am
Read 3105 times

parody

  • Private Forum
  • Jr. Member

  • Offline
  • *

  • 27
I've been tracking a number of hosts over the last couple of months and finally found a live host that was poorly configured. Pulled down the files available that I could and now am able to identify the pack as "FSPACK".    Signature I've used for tracking within the urls is the file /xd/sNode.php being caught in IPS logs.

hxxp://atthistime.com/configs/

Reviewing the exploits contained and will update shortly with what I've been able to find.