Sucuri SiteCheck – Web Malware Distribution – May 2012

Last month ( May 2012), we were able to identify 94,866 compromised (hacked) websites using our free SiteCheck scanner.

These were the top infections per distribution type (iframes and conditional redirections). A comparison to April can be seen here – Sucuri SiteCheck – Web Malware Distribution – April 2012):

You can more closely follow the daily activity in our labs by following Sucuri Labs and monitoring the Sucuri Labs page.

Conditional (often htaccess) redirections:

[# of sites compromised] [malware url]
1222 http://kogirlsnotcryz.ru:8080/forum/showthread.php?page=beb2436a164c6222
994 http://opimmerialtv.ru:8080/forum/showthread.php?page=beb2436a164c6222
991 http://rec-creations.com/adv.php
870 http://melaf.ru/jtrepj?7
594 http://minkof.sellclassics.com/
531 http://ineed.co.nz/adverts/media.php
463 http://spbfotomontag.ru:8080/forum/showthread.php?page=beb2436a164c6222
384 http://rolyjyl.ru/count30.php
364 http://beonce-preez.ru/infinity?8
347 http://rolyjyl.ru/count30.php
345 http://tradeincas.ru/siga?7
327 http://mikapola.ru/yeot?7
312 http://styxving.ru/evos?7
312 http://commenttwitt.ru/g4hs?5
308 http://kogirlsnotcryz.ru:8080/forum/showthread.php?page=beb2436a164c6222
295 http://mygooglemy.com
279 http://colce-adem.ru/infinity?8
271 http://get-sany.ru/sunreal?9
257 http://rec-creations.com/adv.php
251 http://pasla-setatg.ru/qrfoa?8
224 http://song-moll.ru/sher?3
223 http://onmouseout-change.ru/vis/index.php
220 http://may-preez.ru/infinity?8
214 http://2domeinold.ru/in.cgi?19
213 http://drbolivar.com/stats.php
211 http://styx-ving.ru/evos?7
208 http://crowgerber.ru/edintef?2
206 http://maybeonce.ru/infinity?8
201 http://freezday.ru/sunreal?9
201 http://beonce.ru/infinity?8

Malicious iframes:

[# of sites compromised] [malware url]

1357 http://lowresolutionit.in/in.cgi?6
379 http://smuss.net/redirect.php
344 http://rolyjyl.ru/count30.php
296 http://directmarketing32businessexchange.in/in.cgi?55764
276 http://sluxxqqgykewolmoli.in/in.cgi?default
225 http://2domeinold.ru/in.cgi?19
185 http://google-adsens.com/in.cgi?2
175 http://direct9.in/in.cgi?55764
156 http://www0apps-myups.com/main.php?page=bbf13438dcde29a9
153 http://bigdeal777.com/gate.php?f=981287
152 http://31.184.242.81/link.php
139 http://rec-creations.com/adv.php
134 http://rycgoka.ru/count1.php
133 http://directmarketing32linearsale.in/in.cgi?55764
123 http://csepros.com
110 http://bizzqw.ru/in.cgi?19
108 http://ineed.co.nz/adverts/media.php
103 http://gocgleapps.com/api?in=864
95 http://htpcapital.com/main.php?page=98d3bf6d08596d13
76 http://directmarketing40linearsale.in/in.cgi?55764
75 http://tdska.sauna-ess.ru/go.php?sid=7
75 http://64.34.202.180/scrp.php
73 http://startcooking.com/public/files/jquery.php
66 http://www.thesea.org/media.php
66 http://karenbrowntx.com
58 http://sytratesthj.co.cc/1/go.php?sid=13′
57 http://uwlex90.in/
54 http://directmarketing40wardsale.in/in.cgi?55764
50 http://www.kw.ee/paypal.php?curr=USD
49 http://techcasfh.in/in.cgi?19


If you suspect your site to have fallen victim to an attacker feel free to use our free SiteCheck scanner: http://sitecheck.sucuri.net. If you have any questions pertaining to the results you can reach us at info@sucuri.net

Scan your website for free:
About Daniel Cid

Daniel B. Cid is the CTO&Founder of Sucuri and the founder of the open source OSSEC HIDS. His interests range from intrusion detection, log analysis (log-based intrusion detection), web-based malware research and secure development.

You can find more about Daniel at his site dcid.me or on Twitter: @danielcid