• Skip to primary navigation
  • Skip to content
  • Skip to primary sidebar
  • Skip to footer

Sucuri Blog

Website Security News

  • Products
    • Website Security Platform
    • Website Firewall (WAF)
    • Enterprise Website Security
    • Multisite Solutions
  • Features
    • Detection
    • Protection
    • Performance
    • Response
    • Backups
  • Partners
    • Agency Solutions
    • Partners
    • Referral Program
    • Ecommerce
  • Resources
    • Guides
    • Webinars
    • Infographics
    • SiteCheck
    • Reports
    • Email Courses
  • Immediate Help
  • Login
Labs Note

Double hidden style – Hiding spam

April 17, 2014Denis Sinegubko

FacebookTwitterSubscribe

We see many tricks that hackers use to make search engine bots think that the injected spam is not hidden. One of the common approaches is to place a spam block inside a div with some particular id or class and then add a JavaScript call to make that div invisible.

And the newest form of the unlocked iphone spam injection, tried something new (that also made us smile). It uses elementary school level math to make spammy a div id and the id in JavaScript to look different.

Here\’s the typical code:

<div id="232">...spammy content here...</div><script>document.getElementById (116*2) .style.display='none';</script>

The idea is simple: malware generates a random number (e.g. n) and then doubles that number and uses the result as the spam div id. And in the JavaScript code, they use the same multiplication operation verbatim as the getElementById(n*2) function parameter, which works because JavaScript implicitly converts numbers to strings.

FacebookTwitterSubscribe

Categories: Sucuri LabsTags: Labs Note

About Denis Sinegubko

Denis Sinegubko is Sucuri’s Senior Malware Researcher who joined the company in 2013. Denis' main responsibilities include researching emerging threats and creating signatures for SiteCheck. The founder of UnmaskParasites, his professional experience covers over 20 years of programming and information security. When Denis isn’t analyzing malware, you might not find him not online at all. Connect with him on Twitter.

Reader Interactions

Primary Sidebar

Socialize With Sucuri

We're actively engaged across multiple platforms. Follow us and let's connect!

  • Facebook
  • Twitter
  • LinkedIn
  • YouTube
  • Instagram
  • RSS Feed

Join Over 20,000 Subscribers!

Footer

Products

  • Website Firewall
  • Website AntiVirus
  • Website Backups
  • WordPress Security
  • Enterprise Services

Solutions

  • DDos Protection
  • Malware Detection
  • Malware Removal
  • Malware Prevention
  • Blacklist Removal

Support

  • Blog
  • Knowledge Base
  • SiteCheck
  • Research Labs
  • FAQ

Company

  • About
  • Media
  • Events
  • Employment
  • Contact
  • Testimonials
  • Facebook
  • Twitter
  • LinkedIn
  • Instagram

Customer Login

Sucuri Home

  • Terms of Use
  • Privacy Policy
  • Frequently Asked Questions

© 2022 Sucuri Inc. All rights reserved

Sucuri Cookie Policy
See our policy>>

Our website uses cookies, which help us to improve our site and enables us to deliver the best possible service and customer experience.