Sucuri Blog


Labs Notes Monthly Recap – Apr/2017

May 2, 2017 | Estevao Avillez

This month, our Malware Research and Incident Response teams wrote about several malware techniques that attempt to evade detection by focusing on small changes that website owners might miss. Examples include typos in domain names, unused top-level domains (e.g. .com, .solutions), and delayed banner ads.

Sucuri Labs provides website malware research updates directly from our teams on the front line. You can read past monthly recaps to catch up on trends we look at every month.

WordPrssAPI Steals Your Cookies

Cesar Anjos

Cookies tell websites that your browser is trusted and let you stay logged into your website for a specific amount of time, or until you log out. We discovered an infected WordPress website that contained a piece of obfuscated JavaScript code that sends browser cookie data to a fake WordPress domain.

By using a typo – wordprssapi[.]com – the attackers can evade detection by webmasters. This cookie-stealing backdoor allows attackers to hijack active login sessions for WordPress users – including administrators – as if they were still logged into the WordPress dashboard.


Titles, Imprints and Marks Left by Attackers

Jose Martinez

Some hackers like to leave their mark on websites. We see this most often with defacements that replace the homepage with some kind of message, often related to a political or hacktivist agenda. Because defacements are relatively easy to carry out, they are also common among beginner hackers – often called script kiddies.

This post shows a few examples of the thousands of variations on the theme of SEO defacements. These aim to change website title tags in order to prove elite status among other hacker groups or spread messages related to their particular cause.


WebSockets, Viagra and Fake CloudFlare CDN

Fernando Barbosa

Top-level domains (TLDs) are a new way hackers exploit vulnerable, unknowing webmasters. We found an infection that injects scripts hosted on an external website pretending to be a CloudFlare domain – cloudflare[.]solutions – including fake CloudFlare website content.

The WHOIS information shows it was purchased a few months ago by a Russian company. The external scripts loaded from this website cause a 15-second delay before rotating through banner ads and don’t show them again to anyone who has clicked the ad itself, or the [x] to close it.
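An added example (not code from the Sucuri post or the Labs notes): one way a site owner could flag both the typo domain from the WordPrssAPI note and the brand-on-another-TLD domain described above among the hosts a page references. The `TRUSTED` list, the naive registrable-domain rule and the sample markup are assumptions made for illustration.

```python
import re
# Assumption: registrable domains this site legitimately loads code from.
TRUSTED = {"wordpress.org", "w.org", "cloudflare.com"}
# Brand labels worth protecting, taken from the trusted list above.
BRANDS = ("wordpress", "cloudflare")
HOST_RE = re.compile(r"(?:https?:)?//([a-z0-9-]+(?:\.[a-z0-9-]+)+)", re.I)

def edit_distance(a, b):  # Levenshtein distance, one row at a time
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def registrable(host):
    # Naive "last two labels" rule; production code needs the Public Suffix List.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def classify(host):
    domain = registrable(host)
    if domain in TRUSTED:
        return "trusted"
    label = domain.split(".")[0]
    for brand in BRANDS:
        if label == brand:  # exact brand name, but not on a trusted domain
            return "brand-on-unexpected-tld"
        # Slide a brand-sized window over the label to catch one-character typos.
        for size in (len(brand) - 1, len(brand), len(brand) + 1):
            for start in range(max(1, len(label) - size + 1)):
                if edit_distance(label[start:start + size], brand) <= 1:
                    return "lookalike"
    return "unknown"

def audit(markup):
    """Map every non-trusted host referenced in the markup to its verdict."""
    hosts = {h.lower() for h in HOST_RE.findall(markup.replace("[.]", "."))}
    return {h: v for h in sorted(hosts) if (v := classify(h)) != "trusted"}

# Constructed sample page: the two flagged hostnames are from the post, paths are made up.
SAMPLE = """
<script src="https://s.w.org/wp-includes/js/wp-emoji.js"></script>
<script src="//cloudflare[.]solutions/constructed/ads.js"></script>
<script src="http://wordprssapi[.]com/constructed.js"></script>
<script src="https://cdn.example.net/app.js"></script>
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Because the injected JavaScript in these cases was obfuscated, the hostname may not appear in static page source; `classify()` works the same way over hostnames taken from deobfuscated code, CSP reports or proxy logs.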


Categories: Security Education, Sucuri Updates

Tags: Industry Reports, Malware Updates

About Estevao Avillez

Estevao Avillez is Sucuri’s Senior Director of Security Research, who joined the company in 2013. Estevao’s main responsibilities include leading the Research Group, which includes the Malware, Vulnerability and WAF/Sucuri Infrastructure. His professional experience covers 15 years with planning, project and operations management. Estevao has also worked in various areas such as logistics and supply chain, media and communication, telecommunications, and trading relationships with customers. He’s worked as a consultant in financial, strategic and operational management. When Estevao isn’t keeping our customers safe, you might find him taking care of his kids and running. Connect with him on Twitter.
