Joomla 1.5.25/1.7.3 Released (Security Update)
David Dede If you are using Joomla, now is the time to update it. A new version was just released for the 1.5.x and 1.7.x branches fixing…
Htaccess Redirection to Sweepstakesandcontestsinfo dot com
Last week we started to see a large increase in the number of sites compromised with a .htaccess redirection to http://sweepstakesandcontestsinfo.com/nl-in.php?nnn=555. This domain has been…
Timthumb.php Mass Infection – Aftermath – Part I
If you use WordPress you’re probably aware of the mass infection caused by a vulnerability in the timthumb.php script, a photo manipulation script included in…
MyBB web site and downloads compromised
It’s not good when your site gets infected with malware, specially if you’re a provider of software to many. If you are using MyBB (forum…
Evil backdoors – Part II
A few months ago we did a post about backdoors, explaining how they work and how to look for them. If you didn’t read it,…
Mass infections from jjghui.com/urchin.js (SQL injection)
We are seeing many sites compromised with malware from jjghui.com/urchin.js. Most of them are IIS/ASP sites and the infection method seems to be similar to…
Malware on /etc/mailquota
We are seeing an interesting trend lately. A site gets compromised and starts to distribute malware to its users. The webmaster (owner of the site)…
Malware Infections from rebotstat dot com
We are starting to share some of our research and view of web-based malware online: http://sucuri.net/global. The #1 infection we are seeing in the last…
MySQL.com Hacked (Javascript Malware)
It looks like the MySQL.com website is currently hacked and compromised with a JavaScript malware (and serving malware to anyone visiting it). Our scanner identified…
Mass compromise at inmotionhosting.com
Thousands of sites were defaced today at InMotion hosting. The defacement was made by “TiGER-M@TE” and all of the affected sites showed the following text:…
Mass Spam Infection From Wplinksforwork Dot Com (50k+ WordPress Sites Hacked)
Last year we spoke about the siteurlpath blackhat SEO attack that was infecting many WordPress sites with spam. But, how many? We had no clue…