Apache PHP Injection to JavaScript Files
Daniel Cid We have been talking about Apache server-side injections for a while. Ranging from malicious modules, like Darkleech, to modified Apache binaries. From an attacker perspective,…
Browsing Category
Website Malware Infections
839 posts
vBulletin Conditional Malware – myFTP.biz Malicious iFrames
Fioravante Souza We have to be honest here, there’s no fun in cleaning up infected .htaccess files. It’s boring, but it happens a lot! But it’s not…
Plesk 0-day Remote Vulnerability in the Wild
Just last week another 0-day vulnerability on Plesk was released. It affects Plesk 9.2, 9.3 and 9.5.4 versions. If you have not yet, we recommend…
From a Site Compromise to Full Root Access – Local Root Exploits – Part II
When an attacker manages to compromise and get access to a website, they won’t likely stop there, they will aim to gain full root (admin)…
From a Site Compromise to Full Root Access – Symlinks to Root – Part I
When an attacker manages to compromise and get access to a website, they won’t likely stop there, they will aim to gain full root (admin)…
Globo.com redirecting users to Spam ads
David Dede Globo.com, one of the largest Brazilian web portals (ranked #107 on Alexa and #6 for Brazilian traffic) appears to be compromised and all visits to…
Auto Generated IFrames To Blackhole Exploit Kit – Following the Cookie Trail
We often talk about websites being compromised and injected with malware that redirect users to exploit kits. We unfortunately don’t give you a complete picture…
W3 Total Cache and WP Super Cache Vulnerability Being Targeted in the Wild
Tony Perez As if on queue, almost 7 days since we released the post about the latest W3TC and WP Super Cache remote command execution vulnerability, we…
Apache Web Server Attacks Continue to Evolve
For the past few months we have seen a gradual increase in server-level compromises. In fact, every week it seems we’re handling half a dozen…
Apache Binary Backdoors on Cpanel-based servers
For the last few months we have been tracking server level compromises that have been utilizing malicious Apache modules (Darkleech) to inject malware into websites.…
WordPress Malicious Plugin – WPPPM – Abusing 404 Redirects with SEO Poisoning
Bruno Borges, of our security team, came across an interesting case this week, in which a WordPress plugin was abusing the 404 rewrite rules and…