Bruno Zanelato

About Bruno Zanelato

Bruno is the Website Firewall Manager at Sucuri. He has 15 years experience deploying open-source security software, hardening systems, PCI compliance, and preventive measures for new exploitation techniques. He is currently a member of the Brazilian Snort community and OWASP Brazilian chapter member. Find him on Twitter @braindeadlylabs

May 20, 2019Bruno Zanelato

W97M/Downloader Malware Dropper Served from Compromised Websites

W97M/Downloader is part of a large banking malware operation that peaked in March 2016. Bad actors have been distributing this campaign for well over a year, which serves as a doorway to Vawtrak and Dridex banking trojans. This malware campaign targets a wide array of…

September 18, 2018Bruno Zanelato

Backdoor Uses Paste Site to Host Payload

Finding backdoors is one of the biggest challenges of a website security analyst, as backdoors are designed to be hidden in case the malware is found and removed. Website Backdoors A…

September 21, 2017Bruno Zanelato

Ecommerce Security: Fake Jquery Used as CC Scraper

In the last few months, we noticed an increase in attacks targeting ecommerce platforms aiming to steal credit card information. We saw a similar rise last year after the summer…

March 10, 2017Bruno Zanelato

SF9 Realex Magento Module Targeted by Credit Card Scrapers

Attackers are constantly developing new techniques to compromise ecommerce websites and steal sensitive data. Over the last several weeks, we tracked massive attacks against Magento sites where attackers are injecting…

February 20, 2017Bruno Zanelato

Joomla Security – Pornography Spam Campaign in the Wild

One of the worst experiences for a website owner is finding out that the search results for your site have turned into a pharmacy, a fashion outlet, or even a…

December 29, 2016Bruno Zanelato

Session Stealer Script Used In OpenCart

With so many open-source ecommerce platforms available in the market, selling online is an appealing and easy option for any store owner. In a few clicks you can set up…

November 23, 2016Bruno Zanelato

Malicious Redirect Injected in Magento One Page Checkout

With the holiday season around the corner, ecommerce sites are very valuable to website owners and equally attractive to attackers. Hackers have been targeting Magento installations in order to steal…

October 4, 2016Bruno Zanelato

WordPress Hack Modifies Core Files to Share Spam

One of the worst feelings a website owner can experience is discovering that your site has been hacked. Without proper security measures in place, even website owners with the best…

February 10, 2016Bruno Zanelato

Seo-moz.com SEO Spam Campaign

Here at Sucuri we handle countless cases of SEO spam. This malware involves a website being compromised in order to spread (mostly pharmaceutical) advertisements by linking visitors to unwanted websites…