Sucuri Blog

Website Security News
Labs Notes Monthly Recap – Sep/2016

October 6, 2016, by Estevao Avillez

Sharing what we learn in the form of content and tools has been a staple here at Sucuri since our inception. Our greatest challenge is having enough hours to share everything we find. Whether it be newfound research or discoveries made by our Incident Response Team, we strongly feel that it’s our responsibility to share. Many are familiar with this blog that we’ve maintained for years. Few though are familiar with our Labs Notes.

The Labs Notes were introduced years ago by our research team as a way to quickly share snippets of data we found interesting. It served as a simple log that we would refer back to, kind of like a log of events over time. As the team grew, it became a place that we could freely share this information with a highly technical audience. The Labs Notes are great for those with an insatiable appetite for the latest trends and insights pertaining to website malware and the associated tactics, techniques, and procedures being employed by cyber criminals.

Moving forward, we’ll be preparing monthly recaps in an effort to create a bridge between the initiatives on this blog and those on Labs Notes. We encourage everyone to take some time to review the awesome research our team is doing. You don’t have to be highly technical to appreciate the insights being shared.

Drupal Database WebShell

Bruno Zaneleto

Drupal doesn’t enjoy the popularity that other CMS applications like WordPress and Joomla do, but it boasts a strong community and adamant user base. Drupal is often deployed by some of the largest organizations in the world as the foundation for complex web applications. Its structure, however, is fundamentally different. Drupal is a monster!

In this note, we share a technique in which cyber criminals inject web shells into the Drupal database. The attackers were able to inject the shell directly into the tables, making direct calls to the shell remotely. We provide snippets of the log entries to look for and the exact methods we found during the incident response process.

Read More

Malicious Pop-ups in vBulletin

Fernando Barbosa

Pop-up ads are annoying. Unfortunately, many websites rely on them for a variety of reasons, including as a revenue stream. Naturally, if your intent is to have pop-ups, then there isn’t an issue. But what if you never added pop-ups, yet there they are… annoying your readers. If your website is doing something it wasn’t designed to do, that’s what we’d call a strong indicator of a potential compromise.

In this note, we share a case in which we found this exact scenario taking place on a site that used the vBulletin platform. For those who are unfamiliar, vBulletin is a very popular and powerful forum platform.

Read More

Hijacking PayPal Donations

Denis Sinegubko

A couple of months back, we shared an article where attackers employed new tactics to trick users by targeting an ecommerce site’s checkout page, infecting visitors with malware and redirecting them to a malicious checkout page. In this note, we expand on these tactics, uncovering how the attackers were able to hijack PayPal donations on a page. The site accepted donations via PayPal and the site owner noticed that the donation buttons looked broken. Further inspection revealed that the PayPal form code was partially replaced with someone else’s PayPal links.
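An integrity check for the symptom described above, added here as an example and not part of the original note or Sucuri's tooling: it parses a page's HTML, collects the payee of every PayPal form and link (the hidden `business` field or the `business` query parameter), and flags any payee that is not in the site owner's allowlist. The sample HTML, the addresses in it, and the `find_hijacked_payees` function are constructed for this example.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse, parse_qs


def _is_paypal(url):
    # Only trust real PayPal hosts; a lookalike domain is itself a finding elsewhere.
    host = urlparse(url).netloc.lower()
    return host == "paypal.com" or host.endswith(".paypal.com")


class PayPalScanner(HTMLParser):
    """Collects (kind, payee) for every PayPal donation form and link on the page."""

    def __init__(self):
        super().__init__()
        self.payees = []
        self._in_paypal_form = False
        self._form_business = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form" and _is_paypal(a.get("action", "")):
            self._in_paypal_form = True
            self._form_business = None
        elif tag == "input" and self._in_paypal_form and a.get("name") == "business":
            self._form_business = a.get("value", "")       # the payee of a classic PayPal form
        elif tag == "a" and _is_paypal(a.get("href", "")):
            payee = parse_qs(urlparse(a["href"]).query).get("business", [""])[0]
            if payee:
                self.payees.append(("link", payee))        # payee carried in the link itself

    def handle_endtag(self, tag):
        if tag == "form" and self._in_paypal_form:
            self.payees.append(("form", self._form_business or ""))
            self._in_paypal_form = False


def find_hijacked_payees(html, expected):
    """Return the PayPal payees found in ``html`` that are not in ``expected``."""
    scanner = PayPalScanner()
    scanner.feed(html)
    allowed = {e.lower() for e in expected}
    return [(k, p) for k, p in scanner.payees if p.lower() not in allowed]


# Constructed sample: the first form is the owner's; the second form and the link were swapped.
SAMPLE_HTML = """
<form action="https://www.paypal.com/cgi-bin/webscr" method="post">
  <input type="hidden" name="cmd" value="_donations">
  <input type="hidden" name="business" value="donate@example.org">
</form>
<form action="https://www.paypal.com/cgi-bin/webscr" method="post">
  <input type="hidden" name="business" value="attacker@example.net">
</form>
<a href="https://www.paypal.com/cgi-bin/webscr?cmd=_donations&amp;business=attacker@example.net">Donate</a>
"""

if __name__ == "__main__":
    for kind, payee in find_hijacked_payees(SAMPLE_HTML, ["donate@example.org"]):
        print(f"unexpected PayPal payee in {kind}: {payee}")
```

Run it against a saved copy of the live page on a schedule and alert on any output; a form with no `business` field is reported with an empty payee so that hosted-button forms are reviewed too.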

Read More

Targeting Mobile Devices the Easy Way

Peter Gramantik

The past few years have brought about an increase in mobile-specific malware, which is to be expected. Detecting mobile devices has always been fairly straightforward; attackers have made use of certain tricks to ensure that their payloads get to the right devices. What we hadn’t considered was screen size! In this case, we were able to find malware that did away with the more common tactics and focused solely on the device screen width.

Read More

Magento as a Phishing Spam Sending Tool

Cesar Anjos

Targeting Magento should be no surprise. It’s one of the leading open-source CMS applications focused solely on the ecommerce industry. The reasons why Magento sites get hacked are also no surprise (i.e., targeting sensitive information like credit card data). Recently we came across an interesting case where the attackers were misusing the commenting feature of the system to facilitate their spear phishing campaign.

Read More

Categories: Security Education, Sucuri UpdatesTags: Industry Reports, Malware Updates

About Estevao Avillez

Estevao Avillez is Sucuri’s Senior Director of Security Research, who joined the company in 2013. Estevao’s main responsibilities include leading the Research Group, which includes the Malware, Vulnerability and WAF/Sucuri Infrastructure. His professional experience covers 15 years with planning, project and operations management. Estevao has also worked in various areas such as logistics and supply chain, media and communication, telecommunications, and trading relationships with customers. He’s worked as a consultant in financial, strategic and operational management. When Estevao isn’t keeping our customers safe, you might find him taking care of his kids and running. Connect with him on Twitter.
