Weekly Malware Update – 2010/Feb/11

Weekly malware update. You can track all updates by following our malware_updates category.

    *If your site has been affected with any of these issues, contact us at support@sucuri.net or visit http://sucuri.net to get help or if you want to share some information with us.

Pharma / Blackhat SEO Spam by stat-tracker.info and others

We are tracking a large number of web sites that got hacked and are redirecting users to pharmacy-related domains. All the sites had the following code added to their PHP files:

Which basically redirect the user if they came from a search engine. Domains used in these attacks (among many others):

stat-tracker.info
listita.info
babbyboom.ru
startds.net
agency-translation.com
bbt-tv.ru
dl.newsite.in

They just act as an intermediary before sending the user to sites like http://centerpills.com/ and similar (to buy fake pharmacy related products).

For hosting providers, I recommend blocking the following IP addresses: 178.238.134.8, 194.28.172.37 and 88.198.16.186.

All the sites infected had old/ vulnerable versions of web applications running. So make sure to keep your sites updated!


To avoid getting your site blacklisted or with malware, visit http://sucuri.net to learn about our site security monitoring and malware removal solutions.

2 comments
  1. Hello…

    I’ve just checked my blog (blogger) using your free scan and found that there are malwares infected through some comments. Then, I checked each and every blog of the persons who left those comments, it showed that they all were malware free.

    How come is it possible? How could the malware infect through the comments while their blogs are free form malware?

    (Sorry to leave this message here as I didn’t find an e-mail address!)

    Regards,
    N. THIT

Comments are closed.

You May Also Like