Labs Notes Monthly Recap – May/2017

June 6, 2017 · Estevao Avillez

Sucuri Labs provides website malware research updates directly from our teams on the front line. You can read past monthly recaps to catch up on the trends we look at every month.

This month, our Malware Research and Incident Response teams wrote about malware infections ranging from backdoors and credit card stealers to malvertising.

The Elegant Dropper – Reusable Code for PHP Shell Installation

Yuliyan Tsvetskov

In website security, a “dropper” is a piece of code that downloads malicious content from an external source. The actual code injection on the victim’s site appears legitimate and is often undetected by security scanners.

This piece of code uses additional evasion techniques by setting up variables to store the path where the backdoor will be injected, then downloading the contents from an external malicious URL containing the backdoor code. By putting these two together, the malicious file contents are injected into the WordPress admin area. Even if the backdoor is removed, the dropper can be executed again to reinject the backdoor.


Simple $_COOKIE Backdoor Variation

Fernando Barbosa

Malware often uses $_POST and $_GET requests to inject (or steal) content for malicious purposes; such requests are usually flagged as malicious sooner or later.

In this case, we look at an attacker who sets cookie content to contain malicious content in the form of “eval” statements and executable code. We found several variants throughout the infected file system. These cookies are then used as variables in malware injections and executed remotely.
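The detection side of the pattern described above: a small taint-tracking scanner, added here as an example and not code from Sucuri, that flags PHP lines where request-controlled data ($_COOKIE, $_GET, $_POST, $_REQUEST) reaches a code-execution sink such as eval, either directly or through an intermediate variable. The PHP samples are constructed for illustration.

```python
import re

# Functions that execute a string as PHP code (the "sinks").
SINKS = ("eval", "assert", "create_function")
# Request-controlled superglobals (the "sources").
SUPERGLOBALS = ("_COOKIE", "_GET", "_POST", "_REQUEST")

_SG_ALT = "|".join(SUPERGLOBALS)
# $var = $_COOKIE[...]   -> $var is now tainted
_ASSIGN_RE = re.compile(r"\$(\w+)\s*=\s*\$(" + _SG_ALT + r")\s*\[")
# $dst = $src;           -> taint propagates through plain copies
_COPY_RE = re.compile(r"\$(\w+)\s*=\s*\$(\w+)\s*;")
# eval( ... )            -> capture the argument text of a sink call
_SINK_RE = re.compile(r"\b(" + "|".join(SINKS) + r")\s*\(\s*([^;]*)\)")
_DIRECT_RE = re.compile(r"\$(" + _SG_ALT + r")\b")


def find_tainted_sinks(php_source: str):
    """Return (line_no, sink, source) for every sink fed by request data.

    Tracking is line-oriented and intentionally simple: it follows
    assignments from a superglobal and plain variable-to-variable copies,
    which is enough for the $c = $_COOKIE[...]; eval($c); variants.
    """
    tainted = {}   # variable name -> superglobal it was copied from
    findings = []
    for lineno, line in enumerate(php_source.splitlines(), start=1):
        for var, sg in _ASSIGN_RE.findall(line):
            tainted[var] = "$" + sg
        for dst, src in _COPY_RE.findall(line):
            if src in tainted:
                tainted[dst] = tainted[src]
        for sink, args in _SINK_RE.findall(line):
            direct = _DIRECT_RE.search(args)
            if direct:
                findings.append((lineno, sink, "$" + direct.group(1)))
                continue
            for var in re.findall(r"\$(\w+)", args):
                if var in tainted:
                    findings.append((lineno, sink, tainted[var]))
                    break
    return findings


# Constructed samples: a cookie-fed backdoor and a harmless cookie read.
SAMPLE_BACKDOOR = "<?php\n$c = $_COOKIE['sess_id'];\n$d = $c;\nif (isset($d)) { eval($d); }\n"
SAMPLE_DIRECT = "<?php\neval(base64_decode($_COOKIE['x']));\n"
SAMPLE_CLEAN = "<?php\n$user = htmlspecialchars($_COOKIE['user']);\necho 'Hello, ' . $user;\n"
```

Run find_tainted_sinks over each file in an infected webroot and review the reported lines; hits are candidates for manual inspection, not proof on their own.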


Tricky Malvertising Injections

Abdelli Nasereddine

Conditional malware targets only specific visitors (by geo-location, device, or referrer such as Google Search), which makes the malware harder to detect. This type of targeting is often seen with SEO spam and malvertising.

This malicious code serves specific ads to visitors in different time zones. Lately, these types of injections are noticeably rising in popularity.


Client-Side or Server-Side Script?

Denis Sinegubko

JavaScript malware injections are always suspicious. What appears to be a benign resource can actually be malicious. We found this particular infection on a Magento website but with a twist on the classic credit card stealer.

A server-side script receives data from filled-in checkout forms by collecting the POST request parameters. If the request does not use the POST method or does not pass the correct parameters, the script pretends to be a benign JavaScript file.


Categories: Security Education, Sucuri Updates. Tags: Industry Reports, Malware Updates.

About Estevao Avillez

Estevao Avillez is Sucuri’s Senior Director of Security Research, who joined the company in 2013. Estevao’s main responsibilities include leading the Research Group, which includes the Malware, Vulnerability and WAF/Sucuri Infrastructure. His professional experience covers 15 years with planning, project and operations management. Estevao has also worked in various areas such as logistics and supply chain, media and communication, telecommunications, and trading relationships with customers. He’s worked as a consultant in financial, strategic and operational management. When Estevao isn’t keeping our customers safe, you might find him taking care of his kids and running. Connect with him on Twitter.
