Fake AdWords Domain Advertises USA Immigration Service
Denis Sinegubko You might know Google popular services: Google Ads, AdSense and DoubleClick. You might even know scripts and domains they use. For example, DoubleClick loads scripts…
Hiding spam from Ahrefs and Majestic
Many black hat SEO campaigns use cloaking on hacked sites. Malicious scripts only inject spammy content when search engine crawlers request web pages on compromised…
Fake Media Download Sites
Your website is a huge part of your brand reputation. It serves as a place to build your audience and helps you get noticed by…
Pseudo-Darkleech in Drupal
It’s just a minor update about the “pseudo-darkleech” malware we’ve been following for about a year now. We wrote that it can be usually located…
File Modification Date – not the Best Compromise Signal
Some webmasters only check recently modified files when searching for malware. It may work sometimes, but many infections don’t change files’ time-stamps. There is the…
Website Malware – Evolution of Pseudo Darkleech
Last March we described a WordPress attack that was responsible for hidden iframe injections that resembled Darkleech injections: declarations of styles with random names and…
IP Obfuscation Using Dots ………
Recently I analyzed a porn doorway script and found an interesting way to obfuscate an IP address there. $adr1 = “………………………………………………………………………………………………………………………………………………………..”; $adr2 = “………………………………………………………………………………………………………………………………………………………………………………………………………………..”; $adr3…
Distributed Vulnerability Search – Told via Access Logs
Sometimes just a few lines of access logs can tell a whole story… Many ongoing attacks against WordPress and Joomla sites use a collection of…
jQuery.min.php Malware Affects Thousands of Websites
Nov 2016 Update: If your Joomla or WordPress website is infected, check out our new, free, DIY guides to clean your site and prevent reinfection.…
Massive Magento Guruincsite Infection
We are currently seeing a massive attack on Magento sites where hackers inject malicious scripts that create iframes from “guruincsite[.]com“. Google already blacklisted about seven thousand sites because…
Redirect to Microsoft Word Macro Virus
These days we rarely see Microsoft Word malware on websites, but it still exists and compromised websites can distribute this kind of malware as well. It’s…