Analysis of Gumblar Zombie URLs
As you might know, I maintain and regularly update a list of Gumblar zombie URLs. The main reason why I do it is to help webmasters of compromised sites find relevant information about the source of their problems and the steps required to clean up and secure their sites. I see this pattern quite often, when webmasters find a suspicious script in their web pages and use it in Google searches to find more information about it. On the other hand, this list can also help reveal the security breach of sites that hackers use to host Gumblar zombie scripts.
This week the list has reached the level of 1,000+ URLs. Although it’s just a small part of all Gumblar zombie scripts, this list makes a good base for a quick analysis of Gumblar zombie URLs.
Continue »»
At Google’s Office in Moscow
My visit to Google, Moscow last week ;)
Introduction to Website Parasites
Wikipedia defines Parasitism as a “type of symbiotic relationship between organisms of different species in which one, the parasite, benefits from a prolonged, close association with the other, the host, which is harmed.”
This definition perfectly describes relationships between hackers and legitimate websites. As it often happens in real life, the host (legitimate website and its owner) may be completely unaware of parasites until the harmful effect becomes obvious (e.g. drops in traffic, lost search engine rankings, site gets blacklisted, etc. ). And it doesn’t matter how big or small your site is and how malicious the hack is – this is the sort of relationships where parasites (hackers) always win and legitimate websites always lose.
As a webmaster, you can be more effective at detecting and mitigating parasitic activities if you know how hackers can benefit from your site .
Continue »»
Evict Hackers
Last week, I wrote about the latest mutation of the website hack that has been active (mostly in form of iframe injection) throughout this year. I mentioned that for some reason all malicious domain names had been mapped to IP addresses on LeaseWeb and OVH networks. Moreover, LeaseWeb hosted a central site mdvhost .com (hidden behind reverse-proxies) for at least 3 months.
LeaseWeb reaction »»
Unmask Parasites. A Year of Blogging.
A year ago, on December 1, 2008, I published my first post on this blog. Its title was “Let’s Unmask Parasites“.
Working on Unmask Parasites service, I could easily spot prevalent threats and trends in malware attacks. I used this information to help webmasters of hacked sites on various security-related forums and news groups. However, forum format assumes that you answer similar questions again and again, which is very inefficient. That’s why I decided to publish information about prevalent website security problems here. This way I could write detailed information once and then just link to my articles in my forum answers.
Continue »» (Round-up of what happened to this blog this year. Stats and facts.)
Future of Secure Web Browsing
Google Chrome OS
This week Google announced that they are working on a new open source, lightweight operating system that will initially be targeted at netbooks – Google Chrome OS. That’s right. It’s a Google Chrome browser running on top of Linux kernel. Netbooks running Google Chrome OS should be available in the second half of 2010. (BTW, will European Union rule Google exclude Google Chrome browser from the default installation of a Google Chrome OS? )
They are going to completely redesign the underlying security architecture of the OS so that users don’t have to deal with viruses, malware and security updates. As far as I understand the concept, everything should be stored and executed on the web, so traditional malware won’t work on such a OS. On the other hand, I envision criminals somehow make Chrome users subscribe to their malicious web services.
Continue »»
Security Lesson From a Kenyan Marathon Runner
If you have a site/blog but you are not a techie and don’t know much about website security, you might want to read this article written by a Kenyan marathon runner about how his blog was hacked.
He received an email from Google saying that his site had been temporarily removed from search index because it contained hidden spam links and thus violated Google’s guidelines.
Continue »»
Security Issues With the Blog
Yesterday, I had been notified that my blog’s web pages sometimes contain malicious scripts. I had to shut down the blog and investigate the issue. Sorry for the inconvenience. I didn’t want to expose you to any threats.
The Unmask Parasites online service was not affected (it is hosted in a different location, and is very secure). It worked all that time. And during the investigation, my blog redirected visitors to http://www.UnmaskParasites.com
Continue »»
About this blog
Occasional posts from the developer of
Unmask Parasites about things that hackers already know and site owners should know (if they don't want to be victims).
Exploit reviews, security tips, and all that jazz.
Blog Moved to VPS
Hi,
To have more things under my control I moved this blog from a shared hosting plan to a VPS (virtual private server).
However, when I imported WordPress posts to the new location, things didn’t go as expected and the structure of threaded comments got broken. When you read popular posts with active discussions, you might not be able to identify who responding to whom. In new posts, threaded comments should be working. Continue »»
Tags: threaded comments VPS WordPress