Tag Archives: Website Infection[s]

RSS Reveals Malware Injections

There are multiple different ways to detect invisible malware on a website: You can scrutinize the HTML code of web pages. Use external scanners like SiteCheck or UnmaskParasites. Get alerts from anti-viruses or search engines (both in search results and via their Webmaster Tools). Try to open web pages with different User-Agents and check for […]

The Dangers of Hosted Scripts – Hacked jQuery Timers

Google blacklisted a client’s website claiming that malicious content was being displayed from forogozoropoto.2waky.com. A scan didn’t reveal anything suspicious. The next step was to check all third-party scripts on the website. Soon we found the offending script. It was hxxp://jquery.offput.ca/js/jquery.timers.js – a jQuery Timers plugin that was moderately popular 5-6 years ago. Right now, […]

Popular Brazilian Site “Porta dos Fundos” Hacked

A very well known Brazilian comedy site, “Porta dos Fundos,” was recently hacked and is pushing malware (drive-by-download) via a malicious Flash executable, as you can see from our Sitecheck results: SiteCheck Found Malware on Porta dos Fundos If you do not want the joke to be on you, do not visit this site (portadosfundos) […]

Malvertising Payload Targets Home Routers

A few weeks ago we wrote about compromised websites being used to attack your web routers at home by changing DNS settings. In that scenario the attackers embedded iFrames to do the heavy lifting, the short fall with this method is they require a website to inject the iFrame. As is often the case, tactics […]

WordPress Websites Continue to Get Hacked via MailPoet Plugin Vulnerability

The popular Mailpoet(wysija-newsletters) WordPress plugin had a serious file upload vulnerability a few months back, allowing an attacker to upload files to the vulnerable site. This issue was disclosed months ago, the MailPoet team patched it promptly. It though as many are still not getting the word, or blatantly not updating, because we are seeing […]

Website Security: A Case of SEO Poisoning

There are so many ways your website can be co-opted by hackers for many different reasons, targeting the value created via your SEO is highly attractive. It provides an attacker the opportunity to cheat the system by quickly benefiting from your raw traffic, your audience. In this post we will share details of a recent […]