vBulletin Infections from Adabeupdate
vBulletin is a popular forum platform that is also starting to become a popular target for web attacks. vBulletin (and vbSEO) had some serious security vulnerabilities in older versions, and when a...
SSH Brute Force – The 10 Year Old Attack That Still Persists
One of the first server-level compromises I had to deal with in my life was around 12 years ago, and it was caused by an SSH brute force attack. A co-worker set up a test server and chose a very weak root...
Malware Hidden Inside JPG EXIF Headers
A few days ago, Peter Gramantik from our research team found a very interesting backdoor on a compromised site. This backdoor didn’t rely on the normal patterns to hide its content (like base64/gzip...
Phishing 2.0 – Credit Card Redirection on Compromised Sites
We have seen it all when it comes to compromised sites: from silly defacements, to malware, spam, phishing and all sorts of injections. However, the bad guys are always looking to maximize their...
HideMeBetter – SPAM injection Variant
Compromised sites being injected with SPAM SEO is something we deal with very often. A few months ago we wrote about a wave of SPAM injections known as HideMe. However, the bad guys are always getting more...
More Creative Backdoors – Using Filename Typos
When a site gets compromised, one thing we know for sure is that the attackers will leave some piece of malware in there to allow them access back to the site. We call this type of control capability a...
Open Source Backdoor – Copyrighted Under GNU GPL
Malware code can be very small, and the impact can be very severe! In our daily tasks we find a lot of web-based malware that varies in size and impact. Some of the malware is well known and very easy...
Joomla Hacks – Part I – Phishing
Joomla is a very popular open source CMS, dominating approximately 10% of the website market. While great for them, horrible for many others, as being popular often paints a big target on your back, at...
WordPress Database Table and wp_head Injections
There are multiple places where a malware injection can be hidden on a web site. On WordPress, for example, it can be hidden inside the core files, themes, plugins, .htaccess and on the database. More...
Malware iFrame Campaign from Sytes(.)net
For the last few weeks we have been tracking a large malframe (malicious iframe) campaign that has been injecting iframes from random domains from sytes(.)net into compromised sites. Malicious iframe...
Backdoor Evasion Using Encrypted Content
A few weeks ago on the Sucuri Research Labs we mentioned a new type of malware injection that does not use base64_decode, and instead conceals itself as a variable and is built with a combination of...
RevSlider Vulnerability Leads To Massive WordPress SoakSoak Compromise
Yesterday we disclosed a large malware campaign targeting and compromising over 100,000 WordPress sites, and growing by the hour. It was named SoakSoak due to the first domain used in the malware...