Labs Notes Monthly Recap – Apr/2017

This month, our Malware Research and Incident Response teams wrote about several malware techniques that attempt to evade detection by focusing on small changes that website owners might miss. Examples include typos in domain names, unused top-level domains (i.e. .com, .solutions), and delayed banner ads.

Sucuri Labs provides website malware research updates directly from our teams on the front line. You can read past-monthly recaps to catch up on trends we look at every month.

Estevao Avillez

Estevao Avillez is Sucuri’s Senior Director of Security Research, who joined the company in 2013. Estevao’s main responsibilities include leading the Research Group, which includes the Malware, Vulnerability and WAF/Sucuri Infrastructure. His professional experience covers 15 years with planning, project and operations management. Estevao has also worked in various areas such as logistics and supply chain, media and communication, telecommunications, and trading relationships with customers. He’s worked as a consultant in financial, strategic and operational management. When Estevao isn’t keeping our customers safe, you might find him taking care of his kids and running. Connect with him on Twitter.

Related Tags

New Guide on How to Fix Hacked Magento Sites

Alycia Mitchell
February 15, 2017

Ecommerce refers to websites that involve online purchases. This functionality sparks new challenges, concerns, and requirements for website security. Online shopping, to many people, is…

Read the Post

Evasion Techniques in Phishing Attacks

Fernando Barbosa
August 22, 2017

We all know that we shouldn’t click on links from sketchy looking emails. But what if the website you’re viewing takes you to a spoofed…

Read the Post

Experience + Technology: How We Clean Infected Websites at Sucuri

Art Martori
June 16, 2020

Our malware removal service is particularly effective because it combines automated and human elements. The process gets off to a quick start thanks to cleanup…

Read the Post

Analysis of the Massive NDSW / NDSX Malware Campaign

Denis Sinegubko
June 2, 2022

Recently, Avast’s researchers Pavel Novák and Jan Rubín posted a detailed writeup about the “Parrot TDS” campaign involving more than 16,500 infected websites. Such massive…

Read the Post

Analyzing & Decrypting L4NC34’s Simple Ransomware

Cesar Anjos
April 6, 2020

We’re constantly seeing news about computers being infected by ransomware, but very little do we hear about it affecting websites. That being said, the impact…

Read the Post

Vulnerabilities Digest: May 2020

John Castro
May 29, 2020

Relevant Plugins and Vulnerabilities: Plugin Vulnerability Patched Version Installs WP Product Review Unauthenticated Stored XSS 3.7.6 40000 Form Maker by 10Web Authenticated SQL Injection —…

Read the Post

What is Steganography? How Hackers Hide Malware On Websites

What is Steganography? (Or, How Hackers Hide Malware On Websites)

Rianna MacLeod
May 2, 2023

As a child, I loved sending secret messages to my friends using invisible ink. A quick squeeze of lemon juice was all I needed to…

Read the Post

How to Backup a WordPress Site for Free with WP-CLI

Rianna MacLeod
December 22, 2022

Regular website backups are the foundation of a solid website security plan. In the event of data loss or malware infection, restoring a WordPress backup…

Read the Post

Sucuri August 2024 Vulnerability Roundup

WordPress Vulnerability & Patch Roundup August 2024

Sucuri Malware Research Team
August 30, 2024

Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes…

Read the Post

Labs Notes Monthly Recap – Dec/2016

Estevao Avillez
January 12, 2017

Last month there were a number of interesting website hacks being analyzed by our Malware Research Team (MRT) and Incident Response Teams (IRT). The Sucuri…

Read the Post

Related Tags

Related Categories

You May Also Like