Fernando Barbosa

About Fernando Barbosa

Fernando Barbosa is a Sucuri's Software Development Manager who joined the company in 2012. Fernando's main responsibilities include leading Sucuri's backend teams and engineering solutions for our suite of security products. His professional experience also covers five years of malware analysis and incident response. When Fernando isn't working, you might find him having good times with his family. Connect with Fernando on Twitter.

October 16, 2017Fernando Barbosa

Books SEO Spam

We already discussed in our blog some cases where the attacker uploaded a full ready-to-use website in order to promote their products and services. This is a well-known SEO spam tactic, but this time we’re going to cover what we found in a recent incident…

Soccer spam. Really?

In the last few months, we’ve covered several cases of SEO Spam in our labs and blog that were promoting products and services ranging from essay writing to sunglasses. From…

Evasion Techniques in Phishing Attacks

We all know that we shouldn’t click on links from sketchy looking emails. But what if the website you’re viewing takes you to a spoofed page at the Apple ID…

July 4, 2017Fernando Barbosa

Phishing the Right Phish

Social engineering techniques, like phishing, can be powerful in persuading users into performing specific actions or disclosing confidential information. In these types of scenarios, attackers look for vulnerable sites on…

June 20, 2017Fernando Barbosa

Unwanted “Shorte St” Ads in Unpatched Newspaper Theme

Unwanted ads are one of the most common problems that site owners ask us to solve. Recently, we’ve noticed quite a few requests to remove intrusive “shorte st” ads that…

June 5, 2017Fernando Barbosa

How Undefined Variables Can Give You RCE

When investigating a compromised website, our team has to make sure that all malware and backdoors are cleared from the environment. In some instances, these backdoors are easier to detect…

May 30, 2017Fernando Barbosa

Simple $_COOKIE backdoor (variation)

There are many ways to develop a backdoor and virtually all of them share a similar goal – not to be discovered. To achieve that, some attackers are giving up…

April 3, 2017Fernando Barbosa

WebSockets, Viagra and Fake CloudFlare CDN

Recently we’ve seen some WordPress websites displaying unwanted banners at the bottom of the page which appear 15 seconds after browsing the website. Those banners are being generated due to…

March 17, 2017Fernando Barbosa

Malicious Subdirectories Strike Again

In a previous post, we illustrated how attackers were fetching information from compromised sites under their control to display spam content on other hacked websites. By adding malicious files into…

March 14, 2017Fernando Barbosa

doc.google.com.TROJAN

During an incident response process, we identified some files located at a website’s root folder. Although they had different filenames (post.php, news.php, home.php, etc), they had the same malicious content:…

One, two, three… CC stolen!

Attackers work hard to make their code very well hidden from the victim and antivirus products, however they might leave some fingerprints (usually not on purpose) that can make the…