Archive by Author

Phishing for Anonymous Alligators

Everyone has encountered phishing at some point – fake emails and web pages designed to look legitimate. This tactic is becoming more popular as attackers are learning how to produce new and convincing phishing lures. You might receive spam emails claiming to have some important document for you. Some of them have malicious attachments andRead […]

Security advisory: Stored XSS in Jetpack

Security Risk: Dangerous Exploitation Level: Easy/Remote DREAD Score: 8/10 Vulnerability: Stored XSS Patched Version:  3.7.1 During a routine audit for our WAF, we discovered a critical stored XSS affecting the Jetpack WordPress plugin, one of the most popular plugin of the WordPress ecosystem. Vulnerability Disclosure Timeline: September 10th, 2015 – Initial report to Automattic security teamRead […]

WordPress Malware – VisitorTracker Campaign Update

For the last 3 weeks we have been tracking a malware campaign that has been compromising thousands of WordPress sites with the VisitorTracker malware code. We initially posted some details about this issue on this blog post: WordPress Malware – Active VisitorTracker Campaign, but as the campaign and the malicious code has evolved, we decided provideRead […]

Analyzing Black Hat URL Shorteners

Hackers are known to use URL shortening services to obfuscate their real landing pages. It’s very effective in clickbait scams on social networks. Some hackers think that using URL shorteners in site injections makes it less likely to be flagged as malicious because authorities cannot simply blacklist a link from bitly.com or goo.gl, so weRead […]

.htaccess Tricks in Global.asa Files

As you might know a lot of hacks use Apache configuration .htaccess files to override default web site behavior: add conditional redirects, create virtual paths (e.g mod_rewrite), auto-append code to PHP scripts, etc. In the world of IIS/ASP there is also an equivalent — Global.asa files. This file contains common declarations for all ASP scripts andRead […]

WordPress Malware – Active VisitorTracker Campaign

We are seeing a large number of WordPress sites compromised with the “visitorTracker_isMob” malware code. This campaign started 15 days ago, but only in the last few days have we started to see it gain traction; really affecting a large number of sites. We initially shared our thoughts on it via our SucuriLabs Notes, but as theRead […]

Analyzing Proxy Based Spam Networks

We are no strangers to Blackhat SEO techniques, we’ve actually spent a great deal of time working and sharing various bits of information related to Blackhat SEO techniques over the years. What we haven’t shared, however, is the idea of Proxy-based Spam Networks (PSN). It’s not because it wasn’t interesting, it’s just not something we’d seenRead […]

Ask Sucuri: How to Create Website Backups?

Recently I had the good fortune of being able to present at Wordcamp Vancouver 2015. My presentation was titled ‘Why Security Matters‘ and I mentioned website backups several times. One of the people who attended asked me a great question: I backup my computer, and I backup the backup of my computer, but how doRead […]