Yuliyan Tsvetkov

16 posts

Yuliyan is Malware Researcher at Sucuri. He is always somewhere on the Internet digging for new malware and meantime helping extending the benchmarks for the PCI-DSS standard. In his free time you can find him skiing in the big mountain. Find him on Twitter @yuliyantsvetkov

Website Security

Mail from the ‘Boss’ – A Classic Example of a $_POST Mailer Stealing CC Data

Yuliyan Tsvetkov
March 8, 2018

We often find mailer scripts while cleaning malicious code from websites. Some of them are easily discovered, while others are obfuscated or heavily encoded. These…

Read the Post

Protecting Phishing Pages via .htaccess

Yuliyan Tsvetkov
July 11, 2017

Phishers usually want to protect their pages from being detected by search engines and security companies. To achieve that, they add .htaccess files that deny…

Read the Post

The elegant dropper – reusable code for PHP shell installation

Yuliyan Tsvetkov
May 31, 2017

During our malware research role, we analyze hundreds (if not thousands) of malware samples every day. Quite often, highly-obfuscated techniques are used by attackers to…

Read the Post

Website Malware Infections

Malicious Image Defacement Hidden from Search Engines

Yuliyan Tsvetkov
April 11, 2017

After carefully designing a theme and images that represent your brand, nothing is worse than seeing a malicious image suddenly associated with your business or…

Read the Post

Attackers Silently add new user with Administrator role to WordPress sites

Yuliyan Tsvetkov
March 16, 2017

Attackers tend to get smarter in order to avoid detection, as well as gain access to your WordPress site. They use legit functions of the…

Read the Post

Set your Cookie, Execute a Command

Yuliyan Tsvetkov
March 9, 2017

Backdoors evolve. They tend to get more complex, harder to understand and harder to decode, but this is not always the case. Most of the…

Read the Post

Monetized JavaScript Redirect to Free Porn Webcams for Mobile Devices

Yuliyan Tsvetkov
March 2, 2017

Attackers will do desperate and obvious things to boost the views of their ‘customers’. On a daily basis we find different malicious redirects (some are…

Read the Post

Hiding malicious code from the user using white spaces

Yuliyan Tsvetkov
February 14, 2017

Over the years, attackers have used different techniques for hiding malicious files on websites. They obfuscated code, changed legit functions to execute malware, modified whole…

Read the Post

Joomla admin login bypass – set your UA for full admin access

Yuliyan Tsvetkov
February 1, 2017

Every day we analyse hundreds of new malicious files. Some of them are simple backdoors, injected iframes, or one liner defacements. Another type of malware,…

Read the Post

Web shell downloader – simple attempt to avoid detection

Yuliyan Tsvetkov
December 29, 2016

When dealing with compromised scenarios, our team has to be very thorough to remove all pieces of malware in the infected website. Most of the…

Read the Post

Sucuri Labs

Malicious script injected to WordPress theme allowing Admin Login Bypass

Yuliyan Tsvetkov
December 22, 2016

On a daily basis we find different kinds of malware like backdoors, credit card stealers, injected scripts, and phishing pages. While each one of those…

Read the Post