SweetCAPTCHA Service Used to Distribute Adware
Denis Sinegubko SweetCaptcha is a free CAPTCHA service that offers to match “sweet” images instead of making you recognize distorted digits and characters. It has integrations with…
Browsing Category
Website Malware Infections
865 posts
JetPack and TwentyFifteen Vulnerable to DOM-based XSS
David Dede Any WordPress Plugin or theme that leverages the genericons package is vulnerable to a DOM-based Cross-Site Scripting (XSS) vulnerability due to an insecure file included…
Critical Persistent XSS 0day in WordPress
Marc-Alexandre Montpas *Update 2015-04-27*: A patch has been released and made available by the WordPress Core Team in version 4.2.1 – Please update immediately. Yes, you’ve read…
Critical Microsoft IIS Vulnerability Leads to RCE (MS15-034)
Rafael Capovilla Microsoft just disclosed a serious vulnerability (MS15-034) on their Web Server IIS that allows for remote and unauthenticated Denial of Service (DoS) and/or Remote Code Execution…
Website Malware – The SWF iFrame Injector Evolves
Peter Gramantik Last year, we released a post about a malware injector found in an Adobe Flash (.swf) file. In that post, we showed how a SWF…
WordPress Malware Causes Psuedo-Darkleech Infection
Darkleech is a nasty malware infection that infects web servers at the root level. It use malicious Apache modules to insert hidden iframes with certain…
Why Website Reinfections Happen
Val Vesa I joined Sucuri a little over a month ago. My job is actually the Social Media Specialist, but we have this process where regardless of…
Inverted WordPress Trojan
A trojan (or trojan horse) is software that does (or pretends to be doing) something useful but also contains a secret malicious payload that inconspicuously…
Why A Free Obfuscator Is Not Always Free.
We all love our code but some of us love it so much that we don’t want anyone else to read or understand it. When…
Analysis of the Fancybox-For-WordPress Vulnerability
We were alerted last week of a malware outbreak affecting WordPress sites using version 3.0.2 and lower of the fancybox-for-wordpress plugin. As announced, here are some of the…
Analyzing Malicious Redirects in the IP.Board CMS
Although the majority of our posts describe WordPress and Joomla attacks (no wonder, given their market-share), there are still attacks that target smaller CMS’s and…