Have you ever thought about the cost of a typo? You know what I mean, a simple misspelling of a word somewhere on your website. Do you think there’s a risk in that? You may have seen the Grammar Police all over your comments yelling that you used the wrong version of “your” and pointing […]
Tag Archives: javascript
The Dangers of Hosted Scripts – Hacked jQuery Timers
Google blacklisted a client’s website claiming that malicious content was being displayed from forogozoropoto.2waky.com. A scan didn’t reveal anything suspicious. The next step was to check all third-party scripts on the website. Soon we found the offending script. It was hxxp://jquery.offput.ca/js/jquery.timers.js – a jQuery Timers plugin that was moderately popular 5-6 years ago. Right now, […]
Spotting Malicious Injections in Otherwise Benign Code
Being able to spot suspicious code, and then determine whether it is benign or malicious is a very important skill for a security researcher. Every day we scan through megabytes of HTML, JS and PHP. It’s quite easy to miss something bad, especially when it doesn’t visually stick out and follows patterns of a legitimate […]
Popular Brazilian Site “Porta dos Fundos” Hacked
A very well known Brazilian comedy site, “Porta dos Fundos,” was recently hacked and is pushing malware (drive-by-download) via a malicious Flash executable, as you can see from our Sitecheck results: SiteCheck Found Malware on Porta dos Fundos If you do not want the joke to be on you, do not visit this site (portadosfundos) […]
New iFrame Injections Leverage PNG Image Metadata
We’re always trying to stay ahead of the latest trends, and today we caught a very interesting one that we have either been missing, or it’s new. We’ll just say it’s new.. We’re all familiar with the idea of iFrame Injections, right? Understanding an iFrame Injection The iFrame HTML tag is very standard today, it’s […]
