Fernando Barbosa

23 posts

Fernando Barbosa is a Sucuri's Software Development Manager who joined the company in 2012. Fernando's main responsibilities include leading Sucuri's backend teams and engineering solutions for our suite of security products. His professional experience also covers five years of malware analysis and incident response. When Fernando isn't working, you might find him having good times with his family. Connect with Fernando on Twitter.

Books SEO Spam

Fernando Barbosa
October 16, 2017

We already discussed in our blog some cases where the attacker uploaded a full ready-to-use website in order to promote their products and services. This…

Read the Post

Soccer spam. Really?

Fernando Barbosa
September 21, 2017

In the last few months, we’ve covered several cases of SEO Spam in our labs and blog that were promoting products and services ranging from…

Read the Post

Evasion Techniques in Phishing Attacks

Fernando Barbosa
August 22, 2017

We all know that we shouldn’t click on links from sketchy looking emails. But what if the website you’re viewing takes you to a spoofed…

Read the Post

Phishing the Right Phish

Fernando Barbosa
July 4, 2017

Social engineering techniques, like phishing, can be powerful in persuading users into performing specific actions or disclosing confidential information. In these types of scenarios, attackers…

Read the Post

Unwanted “Shorte St” Ads in Unpatched Newspaper Theme

Fernando Barbosa
June 20, 2017

Unwanted ads are one of the most common problems that site owners ask us to solve. Recently, we’ve noticed quite a few requests to remove…

Read the Post

How Undefined Variables Can Give You RCE

Fernando Barbosa
June 5, 2017

When investigating a compromised website, our team has to make sure that all malware and backdoors are cleared from the environment. In some instances, these…

Read the Post

Simple $_COOKIE backdoor (variation)

Fernando Barbosa
May 30, 2017

There are many ways to develop a backdoor and virtually all of them share a similar goal – not to be discovered. To achieve that,…

Read the Post

WebSockets, Viagra and Fake CloudFlare CDN

Fernando Barbosa
April 3, 2017

Recently we’ve seen some WordPress websites displaying unwanted banners at the bottom of the page which appear 15 seconds after browsing the website. Those banners…

Read the Post

WordPress Security

Malicious Subdirectories Strike Again

Fernando Barbosa
March 17, 2017

In a previous post, we illustrated how attackers were fetching information from compromised sites under their control to display spam content on other hacked websites.…

Read the Post

doc.google.com.TROJAN

Fernando Barbosa
March 14, 2017

During an incident response process, we identified some files located at a website’s root folder. Although they had different filenames (post.php, news.php, home.php, etc), they…

Read the Post

One, two, three… CC stolen!

Fernando Barbosa
March 7, 2017

Attackers work hard to make their code very well hidden from the victim and antivirus products, however they might leave some fingerprints (usually not on…

Read the Post