Thousands of Redirecting Files
Denis Sinegubko We recently cleaned a site where we found thousands of malicious files with the following content: <?php header ( “HTTP/1.1 301 Moved Permanently” ) ;…
Browsing Category
Website Malware Infections
859 posts
From .tk Redirects to PushKa Browser Notification Scam
In the past couple of years, we’ve been tracking a long-lasting campaign responsible for injecting malicious scripts into WordPress sites. This campaign leverages old vulnerabilities…
Attacks on Closed WordPress Plugins
John Castro The WordPress plugin repository team may “close” plugins and restrict downloads when they become aware of a security issue that the developer cannot fix quickly.…
ThinkPHP 5.x – Remote Code Execution Actively Exploited In The Wild
Earlier this year, we noticed an increase in attacks aiming at ThinkPHP. ThinkPHP is a PHP framework that is very popular in Asia. If you…
SQL Injection in Duplicate-Page WordPress Plugin
Marc-Alexandre Montpas While investigating the Duplicate Page plugin, we have discovered a dangerous SQL Injection vulnerability. Though the plugin wasn’t abused externally, the vulnerability impacted over 800,000…
Malware Campaigns Sharing Network Resources: r00ts.ninja
Luke Leal We recently noticed an interesting example of network infrastructure resources being used over a period of time by more than one large scale malware campaign…
Social Warfare Vulnerability Probes
After a recent disclosure of the Social Warfare plugin vulnerability, we’ve seen massive attacks that inject malicious JavaScripts into the plugin options. The vulnerability has…
Conditional redirection to an online pharmacy store
Moe O During an investigation, a client reported some weird behavior from all incoming visits during their Google search engine result clicks are instantly redirected to an…
Super Amazon Banners Plugin Gone Rogue
Krasimir Konov During a recent investigation we found the plugin Super Amazon Banners to be serving malware/spam via the domain seoranker[.]info. We suspect that the domain expired…
Multi-Vector Attack in Server Logs
We recently noticed an increase on suspicious requests in our logs which reveal a planned attack against the Social Warfare plugin. Bad actors added this…
![More on Dnsden[.]biz Swipers and Radix Obfuscation](https://blog.sucuri.net/wp-content/uploads/2019/03/03192019-uncommon-radixes-uses-in-malware-obfuscation-update_blog-390x183.jpg)
More on Dnsden[.]biz Swipers and Radix Obfuscation
After recent publication of the Uncommon Radixes Used in Malware Obfuscation article, we found an interesting Twitter thread involving @EKFiddle and @Ledtech3 #EKFiddle [Regex update]:…