msgbartop
Unmask Parasites - Check your web pages for hidden links, iframes, malicious scripts, unauthorized redirects and other signs of security problems.
msgbarbottom
Loading site search ...

Injected Script Loads Host.exe Using Hidden Iframes and Java Applets

Today, I can see many blacklisted sites where Google report one of the following three domains as a source of the problem:

  • aubreyserr .com
  • medien-verlag .de
  • yennicq .be

E.g.

Malicious software is hosted on 1 domain(s), including medien-verlag.de/.

The attack is quite interesting so I decided to share results of my initial investigation here.
Continue »»

Tweet Week: December 20-26, 2010

27 Dec 10   Filed in Tweet Week with 1 Comment

Selected short messages and links you might have missed if you don’t follow me on Twitter.

ProFTPD patch, WP plugin, IE hole, UP update, MD5 domain name …»»

Two Tweet Weeks: December 6-19, 2010

20 Dec 10   Filed in Tweet Week with 1 Comment

Selected short messages and links you might have missed if you don’t follow me on Twitter.

New Google’s warnings for compromised websites, WordPress 3.03, stolen passwords, malicious add, security tips »»

WordPress Experts Aim to Provide Secure WordPress Hosting

14 Dec 10   Filed in Hosting+Security with 1 Comment

This is the second interview in the “Hosting+Security” series.

WordPress – is the most frequently used tag on this blog. There are two major reasons for this:

  1. I use WordPress myself and closely track development in this area.
  2. WordPress is the most popular free open-source blogging engine (according to its developers it is currently used by 25+ million sites), which makes it equally popular for hackers as a target of their attacks.

Thousands (if not millions) of WordPress bloggers have already experienced various security related problems: malicious scripts and spammy links injected into their web pages, rogue users, corrupted databases — they know how much time and efforts it may take to recover their sites, and how it can be frustrating to find their blogs hacked again just a few weeks later.

In this interview, I will talk with Jason Cohen about WordPress security and his new WPEngine hosting company that aims to protect your WP blogs better than any traditional shared hosting provider.
Continue »»

Hackers Turn Legitimate Websites into Underground Software Stores

10 Dec 10   Filed in Website exploits with 2 Comments

This is the time of the year when online sellers do their best to attract herds of holiday shoppers. Software pirates are no different. They offer huge discounts (up to 95%) for popular and expensive software products and provide user-friendly online stores. They even made their sites one step closer to you!
Continue »»

Two Tweet Weeks: November 22 – December 5, 2010

06 Dec 10   Filed in Tweet Week with Comments Off on Two Tweet Weeks: November 22 – December 5, 2010

Selected short messages and links you might have missed if you don’t follow me on Twitter.

WordPress 3.02 update and security tips, backdoor in ProFTPD, 1M milestone, discussing my article about doorways »»

1 Million Pages Checked by Unmask Parasites!

05 Dec 10   Filed in Unmask Parasites with Comments Off on 1 Million Pages Checked by Unmask Parasites!
Milestone: 1 Million pages checked

1 Million web pages have been checked by Unmask Parasites since July 1, 2008.
167,033 of them were found suspicious for one reason or another.

This happened on December 5, 2010 around 00:00 GMT.

Looking forward for the second million :)

Doorways on Non-default Ports — New Trend in Black Hat SEO?

03 Dec 10   Filed in Website exploits with 12 Comments

A year ago I blogged about how hackers managed to hijack hundreds of high-profile websites to make them promote online stores that sold pirated software at about 5-10% of a real cost. They used quite a standard scheme that involved cloaking (making spammy links visible only to search engine crawlers) and conditional redirects (visitors from search engines who clicked on specifically-crafted links on compromised sites got redirected to online stores of software pirates)

Despite of all my warnings, most of those site are still hacked and help sell pirated software and steal credit card numbers. This negligence of site/server administrators encouraged cyber criminals to step even further in abusing reputation and resources of compromised servers. This post will be about one of such steps.
Continue »»

Can Security Be Bread and Butter of a Hosting Provider?

29 Nov 10   Filed in Hosting+Security with 3 Comments

My first interview in the “Hosting+Security” category will be with Jim Walker of TVCNet.

I know Jim for quite some time. I met him in various forums where webmasters discuss security problems. A couple of months ago he started to advertise his malware removal service on my Unmask Parasites site. Before placing the ads, I did some background check and was impressed with their focus on security features and their looong list of signed testimonials.

To find out more about how a relatively small hosting provider can ensure security of their clients’ websites, I asked Jim to answer my questions and tell my blog readers about his company’s security practices.
Continue »»

Tweet Week: November 15-21, 2010

22 Nov 10   Filed in Tweet Week with Comments Off on Tweet Week: November 15-21, 2010

Selected short messages and links you might have missed if you don’t follow me on Twitter.

StopBadware’s new initiative, Adobe Reader X, osCommerce under attack, … »»