Bank Phishing Incident Analysis
Fioravante Souza Everyone has received a phishing scam via email at one point or another. Thanks to modern anti-spam technology, most of these messages are blocked from…
One, two, three… CC stolen!
Fernando Barbosa Attackers work hard to make their code very well hidden from the victim and antivirus products, however they might leave some fingerprints (usually not on…
vBulletin Used to Show Malicious Advertisements
Cesar Anjos In the past, we have seen a massive amount of vBulletin websites compromised through the VBSeo Vulnerability. Attackers have been infecting vBulletin websites since 2012…
Labs Notes Monthly Recap – Feb/2017
Estevao Avillez Every month we recap the latest posts on Sucuri Labs, written by our Malware Research Team (MRT) and Incident Response Team (IRT). The Sucuri Labs…
Monetized JavaScript Redirect to Free Porn Webcams for Mobile Devices
Yuliyan Tsvetkov Attackers will do desperate and obvious things to boost the views of their ‘customers’. On a daily basis we find different malicious redirects (some are…
The Story of an Expired WHOIS Server
Salvador Aguilar We write quite often about SEO spam injections on compromised websites, but this is the first time we have seen this blackhat tactic spreading into…
Ghost from the Past
Denis Sinegubko Some sites may stay infected or not properly cleaned for years. Eventually, they come to us and we clean them. It doesn’t matter whether the…
SQL Injection Vulnerability in NextGEN Gallery for WordPress
Slavco Mihajloski As part of a vulnerability research project for our Sucuri Firewall (WAF), we have been auditing multiple open source projects looking for security issues. While…
When malware injection goes wrong
Ben Martin Today while scanning a client’s website, I found a failed attempt by attackers to hide the location of a backdoor. It is very common for…
Ask Sucuri: Common WAF Questions and Concerns
Tony Perez There is no more frustrating experience than knowing you need something, but not knowing which questions to ask. This resonates with website owners when they…
Spam content injection
Samuel Odendaal During a recent incident response investigation, we detected an infected website loading spam content from another location. The malware was responsible for fetching the spam…