Over the last couple of weeks, we’ve written about malicious redirects pushing users to porn sites, ever more complicated phishing scams being carried out by multiple compromised websites on a single server and about adsense blackmail. We’ve written about how attackers hit these sites because that’s what we do. We figure out what they’re doing […]
Tag Archives: Malware
Analyzing a Malicious iFrame – Following the Eval Trail
Over the last week, we’ve been working with some interesting malware injections. Developers and malware prevention professionals usually think of hidden iframes that deliver spam-seo or other malware as easy to spot. Take this injection, for example (Thanks to Sucuri team member, Rafael C., for the sample): This is not a traditional iframe src=’http://… code, […]
SiteCheck Extended – Making It Easier to Scan Your Websites
Sucuri SiteCheck is our free website malware scanner that crawls any website to detect signs of Malware injections, SEO Spam, Blacklisting, Defacement and other similar indicators of a compromised website. It is widely used by Webmasters to verify that their sites have not been compromised or blacklisted. And now we’re extending it to other platforms, […]
Ad Violations: Why Search Engines Won’t Display Your Site If it’s Infected With Malware
As your site’s webmaster, have you ever seen an e-mail from Google like this: Hello, We wanted to alert you that one of your sites violates our advertising policies. Therefore, we won’t be able to run any of your ads that link to that site, and any new ads pointing to that site will also […]
Highly Effective Joomla Backdoor with Small Profile
It feels like every day we’re finding gems, or what appear to be gems to us. We try to balance the use of the term, but I can’t lie, these are truly gems. The things they are doing, and by they I mean the attackers, are in some instances ingenious. I think you’ll agree that […]
PHP Backdoors: Hidden With Clever Use of Extract Function
When a site gets compromised, one thing we know for sure is that attackers love to leave malware that allows them access back to the site; this type of malware is called a backdoor. It was given this name because it allows for remote control of a compromised website in a way that […]
Mysterious Zencart Redirects Leverage HTTP Headers
About a week ago we got an interesting Zencart case. Since we don’t often write about Zencart, we figured it’d be a good time to share the case and details on what we found. The Scenario The site was redirecting to “www .promgirl .de”. I know, not very unique. Additionally, it was only affecting “www” […]
Many Pieces of a Puzzle: Target, Neiman Marcus and Website Hacking
Corporations get hacked all the time. This is not news to anyone in the security business, but it has certainly received a lot of attention from those in the media over the last few weeks because of a couple of large-scale credit card events at both Target and Neiman Marcus. For the average person, website […]
Website Mesh Networks Distributing Malware
Can you imagine having the keys to a kingdom? How awesome would that be!! This is true in all domains, especially when it comes to your website. This is almost like the holy grail of website attacks, gain access and do what you want with someone else’s pride and joy. We all know that once […]
Recent OptimizePress Vulnerability Being Mass Infected
A few weeks ago we wrote about a file upload vulnerability in the OptimizePress theme. We were seeing a few sites being compromised by it, but nothing major. That all changed yesterday when we detected roughly 2,000 websites compromised with iFrames that seemed to be caused by this same vulnerability. All of the contaminated websites […]