Spam Doorway Manager
Luke Leal While investigating a client’s compromised website, we saw a malicious file that was being used to manage an existing SEO spam doorway. We usually refer…
Browsing Category
Website Malware Infections
858 posts
Shoesinfy Spam Injections
Denis Sinegubko Lately, we’ve seen quite a few sites with injected spammy links that follow this format: <div style=”position: absolute; opacity: 0.001; z-index: 10; filter: alpha(opacity=0);”> <a…
Backdoor plugin hides from view
One of the most important traits for backdoors is the ability to remain undetected by most users — otherwise it may draw suspicion and be…
Google Analytics Swiper Disguised as Legitimate Traffic
At first glance, this short script looks like benign Google Analytics code: <script type=”text/javascript”> (function() { var ga = document.createElement(‘script’); ga.type = ‘text/javascript’; ga.async =…
FBCMS Pharmacy Spam Website
Whenever most people think of a website CMS, they most often think of the popular options like WordPress, Joomla, or Drupal. What do all three…
Reset Email Account Passwords after Website Infection: Follow Up
In a previous analysis of a malicious file, we demonstrated why you should always update your email account passwords after a security compromise. The information…
The Strange Case of the Malicious Favicon
Néstor Angulo During the past year, our Remediation department has seen a large increase in the number of fully spammed sites. The common factors are strangely named…
WPTF Hybrid Composer – Unauthenticated Arbitrary Options Update
John Castro With almost 300 installs, WPTF – Hybrid Composer is a framework that helps users easily create custom themes for WordPress. We recently noticed an increase…
Spam That Fits Your Website
Gabriel Barbosa Most of the time when we talk about spam, we think about mindless machines that create posts or comments to advertise a business related to…
WordPress Plugin WP Statistics: Unauthenticated Stored XSS Under Certain Configurations
Antony Garand The WordPress plugin WP Statistics, which has an active installation base of 500k users, has an unauthenticated stored XSS vulnerability on versions prior to 12.6.7.…
Plugins Under Attack: June 2019
A long-lasting malware campaign (1,2) targeting deprecated, vulnerable versions of plugins continues to be leveraged by attackers to inject malicious scripts into affected websites. As…