web.config Redirect Malware
Krasimir Konov We recently found this malware on a windows hosting server where the web.config file was modified with the following code. The code redirects multiple user…
Browsing Category
Website Malware Infections
858 posts
Why is Your Website a Target? The SEO Value of a Website
Douglas Santos Website security is what we eat, sleep, and breathe. It’s what we do best because we deal with hacked websites every single day, thousands of…
Spam Injector Masquerading as Google Analytics
Keith Petkus The domain en-google-analytic[.]com, currently sinkholed by a security intelligence company, has been observed by our team to be part of a mass spam injection campaign.…
CC Stealing Code Pretending to be Bing Ads
During a recent investigation we found this suspicious code pretending to be associated with Bing ads.After further review, we see that the code is actually…
Leveraging Stored Procedures for Nefarious Purposes
Bruno Zanelato Here at Sucuri, we clean thousands of websites on a daily basis, and while some of them are easy to solve, others may require more…
Cryptomining Dropper and Cronjob Creator
Luke Leal Recently, someone reached out to us about a malicious process they had discovered running on their web server. This process was maxing out the CPU,…
Malware Infection from One Directory Up
Mohit Jawanjal Malicious code can reside anywhere on the site — not just in the web directory of the folder. During a recent incident response, all pages…
Lightbox Adware – From Innocent Scripts to Malicious Redirects
Cesar Anjos It’s no news that webmasters commonly make use of external scripts to add more features to their site, but things can turn out for the…
Hiding a Hacktool Using a .jpg Extension
Gabriel Barbosa Hackers will do anything to hide their intentions behind the files they upload to compromised websites. This time, we’ve found a hacktool hidden inside a…
Stored XSS in MyBB <= 1.8.20
Marc-Alexandre Montpas The open source PHP forum software myBB recently published a new update, version 1.8.21. This is a security release fixing a Stored XSS vulnerability in…
Korean Gambling and Call Girl Spam on Hacked and Non-hacked Sites
Denis Sinegubko This blog post talks about how a web spam campaign that targets only one country may create problems for sites owners around the world —…