Joomla Pharma Hack – Web Malware Removal

November 6, 2012 by 2 Comments

In my last SEO poisoning post I wrote about some really nasty conditional malware. In this one, we’re going to revert our attention to the more common variation of the attack, and look at the Joomla CMS.

Joomla Pharma Hack

This variation will be the Pharma hack. As of late, it seems to be going on a rampage on a number of CMS applications and many of its characteristics are similar. The objective appears to be clear though, find its way into Google’s search engine result pages (SERP).

While we can only speculate, the idea is simple – The SERPs are a cached product and as long as they keep the injections benign of malware they increase their odds of bypassing detection until someone spots it and reports.

Read More

Filed Under: joomla, Malware, pharma, security, SiteCheck, Spam, sucuri Tagged With: , , , , ,

SiteCheck – Got Blackhat SEO Spam Warning?

August 16, 2012 by 2 Comments

As of late it seems like we’re talking about a lot of SPAM related cases, this post will be no different.

Blackhat SEO

Before you start, let me preface this by saying that clearing a Blackhat SEO Spam injection is probably the biggest PITA (Google It) infection there is. They constantly evolve, making them difficult to detect and they employ both new and old techniques that, even after years, still prove to be annoying. This post will demonstrate one such case.

Read More

Filed Under: htaccess, Learn, Malware, pharma, research, SiteCheck, Spam, sucuri, virus, WordPress Tagged With: , , , , , ,

Sneaky vBulletin Script Injections

July 20, 2012 by 1 Comment

In the past few days/weeks we have been seeing some nasty vBulletin infections that are proving difficult to find. In this post we’ll describe it and what we have done to remove it.

We recently wrote about Conditional Malware, this is but another instance of that. In this instance, the conditions are set around specific referrers and user-agents.

When a user visits the forum via Google search engine result pages (SERP), they are greeted with this payload:

Read More

Filed Under: awareness, hacked, Malware, vbulletin, virus Tagged With: , , ,