Malware Redirecting To Enormousw1illa.com
David Dede We are seeing a large number of sites compromised with a conditional redirection to the domain http://enormousw1illa.com/ (194.28.114.102). On all the sites we analyzed, the…
Browsing Category
Website Malware Infections
864 posts
Funny Spammers: Any Reproduction of This Document in Part or in Whole is Strictly Prohibited
Spam is nothing new, but a recent site we were reviewing was a bit different. After a bit of analysis, we found a file called…
Ask Sucuri: Why Do I Only Get Malware Warnings on Certain Browsers?
Daniel Cid A few days ago, our scanner alerted that a site had malware related to the Blackhole Exploit Kit. The owner of the site said that…
Blacklist Warnings for Users of the Stream-Video-Player WordPress Plugin
If you are using the plugin stream-video-player, it might be a good idea to disable this plugin for now. The plugin loads a Flash player…
Malware Being Called From Your php.ini File
Is your site infected with malware, and you can’t find it anywhere? It might be a good idea to search outside of your web directory,…
The New (and Old) .htaccess Attacks – Now Using .in Domains
We have been talking about .htaccess redirections for a while. A site gets compromised and the attackers modify the .htaccess file(s) to redirect any search…
Htaccess Redirection to Sweepstakesandcontestsinfo dot com
Last week we started to see a large increase in the number of sites compromised with a .htaccess redirection to http://sweepstakesandcontestsinfo.com/nl-in.php?nnn=555. This domain has been…
Timthumb.php Mass Infection – Aftermath – Part I
If you use WordPress you’re probably aware of the mass infection caused by a vulnerability in the timthumb.php script, a photo manipulation script included in…
Evil backdoors – Part II
A few months ago we did a post about backdoors, explaining how they work and how to look for them. If you didn’t read it,…
Mass infections from jjghui.com/urchin.js (SQL injection)
We are seeing many sites compromised with malware from jjghui.com/urchin.js. Most of them are IIS/ASP sites and the infection method seems to be similar to…
Malware on /etc/mailquota
We are seeing an interesting trend lately. A site gets compromised and starts to distribute malware to its users. The webmaster (owner of the site)…