LizaMoon Mass SQL injection (ur.php) – Updates
David Dede There has been a lot of talk for the last few days about a mass sql injection targeting IIS/ASP.net sites. Those attacks has been going…
Ask Sucuri: How Long To Remove Google’s Blacklist?
If you have any questions about malware, blacklisting, or security in general, send it to us: contact@sucuri.net and we will answer here. For all the…
Database injection, lessthenaminutehandle.com and more updates
We posted a few weeks ago about a large scale database injection attack affecting WordPress on shared hosts. The infected sites got the following javascript…
APRIL FOOLS: No Serious Security Vulnerability on WordPress 3.x – Remote Command Execution
This post was not real. It was an attempt at humor, as bad as it may seem. The post has been removed, and we understand…
The “div_colors” Malware Update
We are still seeing a big growth in the number of sites infected with the div_colors malware string. In fact, the osCommerce forums are full…
Will Google blacklist itself?
We were analyzing an infected site today and their Google blacklist diagnostic said the following: Has this site hosted malware? Yes, this site has hosted…
Malware week: The div_colors, CreateCSS and others
We are starting to see an interesting trend regarding how the latest web-based malware is being distributed. Instead of heavily encoding the malicious code on…
MySQL.com compromised
MySQL.com (the official site for the MySQL database) was compromised via (shocking!) blind SQL injection. A post was sent today to the full disclosure list…
Database injection and lessthenaminutehandle.com – Intermediary domains
We posted a few days ago about a large scale database injection attack affecting shared hosts. The infected sites got the following javascript malware inserted…
Attacks against IIS/ASP sites – alisa-carter dot com
Over the last few days, we’ve seen a number of sites getting hacked with a malware script pointing to http://alisa-carter.com/ur.php . It is done using…
Tumblr mistake or security issue
There is a post on Hacker News about a possible security issue with Tumblr. Basically a lot of confidential information, including server IPS, API keys,…