Monthly Archives: September 2011

MySQL.com Hacked (Javascript Malware)

Posted on September 26, 2011 by David Dede

It looks like the MySQL.com website is currently hacked and compromised with a JavaScript malware (and serving malware to anyone visiting it). Our scanner identified the malware as mwjs159 which is often related to stolen FTP passwords. So it looks … Read more


Posted in hacked, malware, malware_updates | Tagged , , | 15 Comments

Mass compromise at inmotionhosting.com

Posted on September 25, 2011 by David Dede

Thousands of sites were defaced today at InMotion hosting. The defacement was made by “TiGER-M@TE” and all of the affected sites showed the following text: Server   Hacked   By   TiGER-M@TE According to zone-h, they defaced at least 1,000 … Read more


Posted in hacked, malware, malware_updates | Tagged , , , | 8 Comments

Mass Spam Infection From Wplinksforwork Dot Com (50k+ WordPress Sites Hacked)

Posted on September 21, 2011 by David Dede

Last year we spoke about the siteurlpath blackhat SEO attack that was infecting many WordPress sites with spam. But, how many? We had no clue at the time. Today, we decided to check on Google and it seems that almost … Read more


Posted in malware, malware_updates, pharma, spam, wordpress | Tagged , , , , | Leave a comment

Website Getting Redirected? It Might Have Something To Do With Moneygram-tracking Dot Com

Posted on September 21, 2011 by David Dede

Have you ever tried to visit your site and you got redirected to a different site? Maybe some external news page that had nothing to do with your site? Then have you tried to visit it again to test and … Read more


Posted in backdoors, hacked, malware, malware_updates, vulnerability, wordpress | Tagged , , , , , | Leave a comment

TimThumb.php backdoor

Posted on September 14, 2011 by David Dede

If your site got compromised lately with the TimThumb.php vulnerability, make sure to check that script to see if it was not modified to act as a backdoor as well. We are seeing in many sites the timthumb.php with the … Read more


Posted in backdoors, hacked, malware, malware_updates, plugin, vulnerability, wordpress | Tagged , , , , , | Leave a comment

GoDaddy shared servers compromised – .htaccess redirection to sokoloperkovuskeci.com

Posted on September 14, 2011 by David Dede

We are seeing many sites hosted on GoDaddy shared servers getting compromised today (and for the last few days) with a conditional redirection to sokoloperkovuskeci.com. This is what it looks like on our scanner: Suspicious conditional redirect. Details: http://sucuri.net/malware/entry/MW:HTA:7 Redirects … Read more


Posted in blacklisted, godaddy, hacked, htaccess, malware, malware_updates | Tagged , , , , , , | 28 Comments

ASK Sucuri: What about the backdoors?

Posted on September 8, 2011 by Daniel Cid

If you have any question about malware, blacklisting, or security in general, send it to us: contact@sucuri.net and we will answer here. For all the “ask sucuri” answers, go here. Question: What about the backdoors? Why are they so hard … Read more


Posted in ask, backdoors, security, sucuri | Tagged , , , | 3 Comments

Ascio Registrar Compromised – Brings Down UPS.com, Theregister and Others

Posted on September 4, 2011 by David Dede

If you tried to visit today the sites for UPS.com, theregister.co.uk, Vodafone, The Daily Telegraph and some other high profile sites, you would have received a scary message saying that they’ve been hacked (by turkguvenligi): And they were indeed hacked, … Read more


Posted in dns, hacked | Tagged , | 3 Comments
RSS Delicious