ABE blocked a potential malware

Posted: Fri Sep 11, 2009 5:02 pm
by Salvy
Hi, today I was visiting this site http**://www**.chilenosencalifornia**.c*om/ and got a warning from ABE saying that it had filtered a request from:

ht**tp://***double.boubleba**relled.ws**/FrMal
After a bit of research I found out that piece of code is being used on exploited websites to distribute malware.

I'm curious how ABE determined it was malicious code.

PS: Thanks for your great work, Giorgio!

Re: ABE blocked a potential malware

Posted: Sun Sep 13, 2009 2:24 am
by GµårÐïåñ
Because it attempts to make a local access to save the malware to be executed later. Since your standard ABE system ruleset denies such access to the local system, it was thwarted.
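
The SYSTEM ruleset mentioned in the reply is, in a default NoScript install, the three-line rule `Site LOCAL` / `Accept from LOCAL` / `Deny`. As an added example (not part of the thread and not NoScript's own code), this Python model evaluates that one rule on already-resolved addresses, which shows that the decision depends on where a request comes from and where it goes, not on its content. The address ranges treated as LOCAL, the function names and all sample addresses are assumptions constructed for illustration.

```python
import ipaddress

# Ranges treated as LOCAL here (an assumption for this example):
# loopback, RFC 1918 private, link-local, and their IPv6 counterparts.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10",
)]


def is_local(addresses):
    """True if any resolved address of a host falls in a LOCAL range."""
    for text in addresses:
        ip = ipaddress.ip_address(text)
        # IPv4-mapped IPv6 (::ffff:127.0.0.1) must not slip past the check.
        mapped = getattr(ip, "ipv4_mapped", None)
        if mapped is not None:
            ip = mapped
        if any(ip in net for net in LOCAL_NETS):
            return True
    return False


def system_rule(origin_addrs, dest_addrs):
    """Evaluate 'Site LOCAL / Accept from LOCAL / Deny'.

    Returns "Accept", "Deny", or None when the destination is not LOCAL
    and the rule therefore does not apply to the request.
    """
    if not is_local(dest_addrs):
        return None          # Site LOCAL does not match
    if is_local(origin_addrs):
        return "Accept"      # Accept from LOCAL
    return "Deny"            # everything else reaching LOCAL is denied


# Constructed sample requests (documentation and private addresses only).
SAMPLES = {
    "internet page -> loopback": (["203.0.113.10"], ["127.0.0.1"]),
    "internet page -> mapped loopback": (["203.0.113.10"], ["::ffff:127.0.0.1"]),
    "LAN page -> LAN router": (["192.168.1.20"], ["192.168.1.1"]),
    "internet page -> internet host": (["203.0.113.10"], ["198.51.100.7"]),
}

if __name__ == "__main__":
    for name, (origin, dest) in SAMPLES.items():
        print(f"{name}: {system_rule(origin, dest)}")
```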