Unmask Parasites - Check your web pages for hidden links, iframes, malicious scripts, unauthorized redirects and other signs of security problems.

Tattoo Ideas For … Spammers

21 Jul 11   Filed in General with 1 Comment

Do you know how many people use Google Images to see a new tattoo of some celebrity or to search for tattoo ideas? What about using image search for hairstyle lookups? Or to find new wallpapers for your computer desktop? I’d say millions do it. That’s why these niches are particularly interesting for “black hats”.
Continue »»

Google Image Poisoning. Mitigation and the New Wave.

23 Jun 11   Filed in General, Short Attack Reviews with 1 Comment

In May, I wrote a big article about my investigation of a massive Google Image poisoning attack. A quick recap: cybercriminals created millions of doorway pages on tens of thousands of compromised websites. Those pages exploited a flaw in the Google Image search algorithm that made it possible for pages with hot-linked images to hijack search results of the websites the images actually belonged to. The attack scheme was very efficient and hundreds of thousands (if not millions) of people clicked on poisoned image search results every day.

Not only did I publish the results of my investigation on my blog but also shared a great deal of gathered information (lists of compromised sites, algorithms, etc.) with Google and antivirus vendors. I hope this made some difference as I started to observe changes literally the next day after the article publication.

In this 2-part series of posts, I will talk about what’s changed since then. Specifically about how Google addressed this problem (part I) and how cybercriminals changed the attack scheme (part II).
Continue »»

Readable SafeBrowsing Add-on for Firefox 4+

28 Apr 11   Filed in General, Tips and Tricks with 1 Comment

I actively work with Google’s Safe Browsing diagnostic pages. They are a great source of information if you know how to interpret them. I usually read several dozen such diagnostic pages a day. Unfortunately, the readability of the diagnostic pages is quite poor.

To make my life easier, I created a simple script that highlighted important information so that I could see everything I needed at a glance. I had been using that script for more than a year before the recent Firefox 4 upgrade broke it (the technology I used is deprecated now). This was a serious loss for me. Every time I opened Safe Browsing diagnostic pages (several dozen times a day) I missed my script. Even though I knew the page layout very well, it took significantly more effort to extract the same amount of information. The difference was almost the same as you might feel when you have to use a touchpad instead of a normal mouse.
Continue »»

Analysis of Gumblar Zombie URLs

29 Jun 10   Filed in General, Website exploits with 3 Comments

As you might know, I maintain and regularly update a list of Gumblar zombie URLs. The main reason why I do it is to help webmasters of compromised sites find relevant information about the source of their problems and the steps required to clean up and secure their sites. I see this pattern quite often, when webmasters find a suspicious script in their web pages and use it in Google searches to find more information about it. On the other hand, this list can also help reveal the security breach of sites that hackers use to host Gumblar zombie scripts.

This week the list has reached the level of 1,000+ URLs. Although it’s just a small part of all Gumblar zombie scripts, this list makes a good base for a quick analysis of Gumblar zombie URLs.
Continue »»

At Google’s Office in Moscow

19 Jun 10   Filed in General with 0 Comments


My visit to Google, Moscow last week ;)

Introduction to Website Parasites

14 Apr 10   Filed in General, Unmask Parasites with 6 Comments

Wikipedia defines Parasitism as a “type of symbiotic relationship between organisms of different species in which one, the parasite, benefits from a prolonged, close association with the other, the host, which is harmed.”

This definition perfectly describes relationships between hackers and legitimate websites. As it often happens in real life, the host (legitimate website and its owner) may be completely unaware of parasites until the harmful effect becomes obvious (e.g. drops in traffic, lost search engine rankings, site gets blacklisted, etc.). And it doesn’t matter how big or small your site is and how malicious the hack is – this is the sort of relationship where parasites (hackers) always win and legitimate websites always lose.

As a webmaster, you can be more effective at detecting and mitigating parasitic activities if you know how hackers can benefit from your site.
Continue »»

Evict Hackers

30 Dec 09   Filed in General with 1 Comment

Last week, I wrote about the latest mutation of the website hack that has been active (mostly in the form of iframe injection) throughout this year. I mentioned that for some reason all malicious domain names had been mapped to IP addresses on LeaseWeb and OVH networks. Moreover, LeaseWeb hosted a central site mdvhost .com (hidden behind reverse-proxies) for at least 3 months.
LeaseWeb reaction »»

Unmask Parasites. A Year of Blogging.

02 Dec 09   Filed in General with 4 Comments

A year ago, on December 1, 2008, I published my first post on this blog. Its title was “Let’s Unmask Parasites”.

Working on the Unmask Parasites service, I could easily spot prevalent threats and trends in malware attacks. I used this information to help webmasters of hacked sites on various security-related forums and news groups. However, the forum format assumes that you answer similar questions again and again, which is very inefficient. That’s why I decided to publish information about prevalent website security problems here. This way I could write detailed information once and then just link to my articles in my forum answers.

Continue »» (Round-up of what happened to this blog this year. Stats and facts.)

Future of Secure Web Browsing

08 Jul 09   Filed in General with 1 Comment

Google Chrome OS

This week Google announced that they are working on a new open source, lightweight operating system that will initially be targeted at netbooks – Google Chrome OS. That’s right. It’s a Google Chrome browser running on top of the Linux kernel. Netbooks running Google Chrome OS should be available in the second half of 2010. (BTW, will the European Union rule that Google exclude the Google Chrome browser from the default installation of Google Chrome OS?)

They are going to completely redesign the underlying security architecture of the OS so that users don’t have to deal with viruses, malware and security updates. As far as I understand the concept, everything should be stored and executed on the web, so traditional malware won’t work on such an OS. On the other hand, I envision criminals somehow making Chrome users subscribe to their malicious web services.
Continue »»

Security Lesson From a Kenyan Marathon Runner

30 Jun 09   Filed in General with 0 Comments

If you have a site/blog but you are not a techie and don’t know much about website security, you might want to read this article written by a Kenyan marathon runner about how his blog was hacked.

He received an email from Google saying that his site had been temporarily removed from the search index because it contained hidden spam links and thus violated Google’s guidelines.
Continue »»