Ben Martin

About Ben Martin

Ben Martin is Sucuri’s Security Analyst who joined the company in 2013. Ben's main responsibilities include finding new undetected malware, identifying trends in the website security world, and, of course, cleaning websites. His professional experience covers more than six years of working with infected websites, writing blog posts, and taking escalated tickets. When Ben isn't slaying malware, you might find him editing audio, producing music, playing video games, or cuddling with his cat. Connect with him on Twitter

November 19, 2021Ben Martin

An Overview of Website Reinfection Vectors

The website security landscape is as complicated as it is treacherous. We often deal with clients who become reinfected over and over again. Once the attackers establish a foothold in an environment and recognize that a website is vulnerable, you can guarantee that they will…

November 15, 2021Ben Martin

Fake Ransomware Infection Spooks Website Owners

Starting this past Friday we have seen a number of websites showing a fake ransomware infection. Google search results for “FOR RESTORE SEND 0.1 BITCOIN” were sitting at 6 last…

November 8, 2021Ben Martin

WooCommerce Skimmer Spoofs Checkout Page

Recently a client of ours was reporting a bogus checkout page appearing on their website. When trying to access their “my-account” page an unfamiliar prompt appeared in their browser soliciting…

September 8, 2021Ben Martin

Multistage WordPress Redirect Kit

Recently, one of our analysts @kpetku came across a series of semi-randomised malware injections in multiple WordPress environments. Typical of spam redirect infections, the malware redirects visitors by calling malicious…

September 1, 2021Ben Martin

Analysis of a Phishing Kit (that targets Chase Bank)

Most of us are already familiar with phishing: A common type of internet scam where unsuspecting victims are conned into entering their real login credentials on fake pages controlled by…

August 18, 2021Ben Martin

A Short History of Essay Spam (How We Got from Pills to Plagiarism)

From answering beginner questions like ‘What is SEO spam?’ to breaking down the spammers’ code and exactly how they hide their injections in compromised websites, we have written regularly about…

August 13, 2021Ben Martin

Adobe Patches Critical Magento Vulnerabilities in Recent Update

Adobe has recently released several critical security patches for both their open source and commercial versions of their ecommerce platform. There are a total of 18 security vulnerabilities patched according…

July 28, 2021Ben Martin

Stylish Magento Card Stealer loads Without Script Tags

Recently one of our analysts, Weston H., found a very interesting credit card stealer in a Magento environment which loads a malicious JavaScript without using any script tags. In this…

July 21, 2021Ben Martin

Vulnerable Plugin Exploited in Spam Redirect Campaign

Some weeks ago a critical unauthenticated privilege escalation vulnerability was discovered in old, unpatched versions of the wp-user-avatar plugin. It also allows for arbitrary file uploads, which is where we…

July 14, 2021Ben Martin

An Overview of Basic WordPress Hardening

We have discussed in the past how out-of-the-box security configurations tend to not be very secure. This is usually true for all software and WordPress is no exception. While there…

July 7, 2021Ben Martin

Magecart Swiper Uses Unorthodox Concatenation

MageCart is the name given to the roughly one dozen groups of cyber criminals targeting e-commerce websites with the goal of stealing credit card numbers and selling them on the…