“Loader for Secured Files” and arrayed b374k shell encoding
Luke Leal This file (33×77.php) was detected in the document root of a website during a website cleanup for a client. It demonstrates how hackers sometimes use…
Browsing Category
Sucuri Labs
336 posts
Spam Doorway Manager
While investigating a client’s compromised website, we saw a malicious file that was being used to manage an existing SEO spam doorway. We usually refer…
Shoesinfy Spam Injections
Denis Sinegubko Lately, we’ve seen quite a few sites with injected spammy links that follow this format: <div style=”position: absolute; opacity: 0.001; z-index: 10; filter: alpha(opacity=0);”> <a…
Backdoor plugin hides from view
One of the most important traits for backdoors is the ability to remain undetected by most users — otherwise it may draw suspicion and be…
Google Analytics Swiper Disguised as Legitimate Traffic
At first glance, this short script looks like benign Google Analytics code: <script type=”text/javascript”> (function() { var ga = document.createElement(‘script’); ga.type = ‘text/javascript’; ga.async =…
FBCMS Pharmacy Spam Website
Whenever most people think of a website CMS, they most often think of the popular options like WordPress, Joomla, or Drupal. What do all three…
WPTF Hybrid Composer – Unauthenticated Arbitrary Options Update
John Castro With almost 300 installs, WPTF – Hybrid Composer is a framework that helps users easily create custom themes for WordPress. We recently noticed an increase…
Plugins Under Attack: June 2019
A long-lasting malware campaign (1,2) targeting deprecated, vulnerable versions of plugins continues to be leveraged by attackers to inject malicious scripts into affected websites. As…
web.config Redirect Malware
Krasimir Konov We recently found this malware on a windows hosting server where the web.config file was modified with the following code. The code redirects multiple user…
Spam Injector Masquerading as Google Analytics
Keith Petkus The domain en-google-analytic[.]com, currently sinkholed by a security intelligence company, has been observed by our team to be part of a mass spam injection campaign.…
CC Stealing Code Pretending to be Bing Ads
During a recent investigation we found this suspicious code pretending to be associated with Bing ads.After further review, we see that the code is actually…