Labs Notes Monthly Recap

This month, our Malware Research and Incident Response teams wrote about redirects that deliver malware and ads to visitors, as well as a backdoor method that attempts to hide from webmasters by using undefined variables.

Sucuri Labs provides website malware research updates directly from our teams on the front line. You can read past monthly recaps to catch up on trends we look at every month.

How Undefined Variables Can Give You RCE

Fernando Barbosa

We look at a backdoor that uses undefined variables to hide a backdoor. These variables are ignored, allowing the remaining code to be executed.

Once the invalid variables were removed, we could clearly see a backdoor that allows the attacker full remote command access to the infected website.

Undesired Redirects

Cesar Anjos

A piece of obfuscated code in a WordPress theme’s header.php file is used to change the browser history of visitors.

If a visitor clicks the Back button in their browser, they are taken to a page that downloads rootkits and causes pop-up ads to be displayed.

Yet Another Expired Domain Causes WP Plugin to Redirect Users

Krasimir Konov

An old plugin in the WordPress repository has been unsupported for over two years. As part of the plugin, external scripts were loaded from the developer’s website.

It seems that this developer has let that domain expire. A malicious person took over the domain and started using it to cause JavaScript-based redirects for all websites using the plugin. This is why we always highly recommend that developers do not load resources from external websites.

Labs Notes Monthly Recap – June/2017

About Estevao Avillez

About Estevao Avillez

Reader Interactions