Fernando Barbosa

23 posts

Fernando Barbosa is a Sucuri's Software Development Manager who joined the company in 2012. Fernando's main responsibilities include leading Sucuri's backend teams and engineering solutions for our suite of security products. His professional experience also covers five years of malware analysis and incident response. When Fernando isn't working, you might find him having good times with his family. Connect with Fernando on Twitter.

Fake bb_press Plugin Redirects to Mobile Pornography

Fernando Barbosa
January 24, 2017

When a website is hacked, we often find that attackers have injected multiple backdoors, web shells, and malicious code that allows them to regain access…

Read the Post

WordPress Security

Cloned Spam Sites in Subdirectories

Fernando Barbosa
November 15, 2016

In a recent post, we covered how attackers were abusing server resources to create WordPress sites in subdirectories and distribute spam. By adding a complete…

Read the Post

New XM1RPC SEO Spam and Backdoor Campaign

Fernando Barbosa
November 8, 2016

We have been monitoring a new campaign specifically targeting WordPress sites, using hundreds of them for SEO spam distribution. We call it the XM1RPC campaign…

Read the Post

WordPress Security

Malicious WordPress Subdirectory Installs For SEO Spam

Fernando Barbosa
October 25, 2016

Remediating over 500 infected sites per day, we see attacks executed at varying levels of complexity. The tactics attackers use to compromise a site provide…

Read the Post

Sucuri Labs

Backdoor abusing of PHP tricks

Fernando Barbosa
October 24, 2016

During an incident response process, we found a very interesting malicious code abusing some PHP tricks. Attackers placed the malware at the end of a…

Read the Post

Sucuri Labs

Backdoors abusing of spaces

Fernando Barbosa
October 21, 2016

Lately we’ve seen more backdoors that have some specific characteristics, like using several spaces between the code and processing information coming from POST requests. Attackers…

Read the Post

Sucuri Labs

Malicious Pop-ups in vBulletin

Fernando Barbosa
September 23, 2016

Pop-up ads are annoying. Unfortunately many sites rely on them to pay for their operational expenses and even to make some extra cash. However when…

Read the Post

Sucuri Labs

Fake WordPress Installs and Sunglasses Spam

Fernando Barbosa
August 9, 2016

Spammers are constantly looking for ways make use of resources of hacked sites in their black hat SEO schemes. In most cases, spam injections and…

Read the Post

Sucuri Labs

JScript ASP.NET Backdoor

Fernando Barbosa
July 29, 2016

Backdoors can be simple and powerful at the same time. They’re also very common to be seen along with any kind of infection so that…

Read the Post

Sucuri Labs

File Uploader in Drupal Database

Fernando Barbosa
May 31, 2016

It’s very common to see backdoors such as uploaders among site’s files. However, we have seen more often cases where file uploaders, mainly in Drupal…

Read the Post

Sucuri Labs

vBulletin Still Redirecting to Myfilestore.com

Fernando Barbosa
October 13, 2015

MyFileStore[.]com redirects from vBulletin sites have been a problem since 2011. It is associated with the VBSEO plugin with multiple unpatched vulnerabilities that has been…

Read the Post