Unmask Parasites - Check your web pages for hidden links, iframes, malicious scripts, unauthorized redirects and other signs of security problems.

Evict Hackers

30 Dec 09   Filed in General with 1 Comment

Last week, I wrote about the latest mutation of the website hack that has been active (mostly in the form of iframe injection) throughout this year. I mentioned that for some reason all malicious domain names had been mapped to IP addresses on LeaseWeb and OVH networks. Moreover, LeaseWeb hosted a central site mdvhost .com (hidden behind reverse-proxies) for at least 3 months.
LeaseWeb reaction »»

Unmask Parasites. A Year of Blogging.

02 Dec 09   Filed in General with 4 Comments

A year ago, on December 1, 2008, I published my first post on this blog. Its title was “Let’s Unmask Parasites“.

Working on the Unmask Parasites service, I could easily spot prevalent threats and trends in malware attacks. I used this information to help webmasters of hacked sites on various security-related forums and news groups. However, the forum format assumes that you answer similar questions again and again, which is very inefficient. That’s why I decided to publish information about prevalent website security problems here. This way I could write detailed information once and then just link to my articles in my forum answers.

Continue »» (Round-up of what happened to this blog this year. Stats and facts.)

Future of Secure Web Browsing

08 Jul 09   Filed in General with 1 Comment

Google Chrome OS

This week Google announced that they are working on a new open source, lightweight operating system that will initially be targeted at netbooks – Google Chrome OS. That’s right. It’s a Google Chrome browser running on top of the Linux kernel. Netbooks running Google Chrome OS should be available in the second half of 2010. (BTW, will the European Union rule that Google must exclude the Google Chrome browser from the default installation of Google Chrome OS?)

They are going to completely redesign the underlying security architecture of the OS so that users don’t have to deal with viruses, malware and security updates. As far as I understand the concept, everything should be stored and executed on the web, so traditional malware won’t work on such an OS. On the other hand, I envision criminals somehow making Chrome users subscribe to their malicious web services.
Continue »»

Security Lesson From a Kenyan Marathon Runner

30 Jun 09   Filed in General with Comments Off on Security Lesson From a Kenyan Marathon Runner

If you have a site/blog but you are not a techie and don’t know much about website security, you might want to read this article written by a Kenyan marathon runner about how his blog was hacked.

He received an email from Google saying that his site had been temporarily removed from search index because it contained hidden spam links and thus violated Google’s guidelines.
Continue »»

Blog Moved to VPS

06 Jun 09   Filed in General with 5 Comments


To have more things under my control I moved this blog from a shared hosting plan to a VPS (virtual private server).

However, when I imported WordPress posts to the new location, things didn’t go as expected and the structure of threaded comments got broken. When you read popular posts with active discussions, you might not be able to identify who is responding to whom. In new posts, threaded comments should be working.
Continue »»

Security Issues With the Blog

22 May 09   Filed in General, Unmask Parasites with 2 Comments

Yesterday, I was notified that my blog’s web pages sometimes contain malicious scripts. I had to shut down the blog and investigate the issue. Sorry for the inconvenience. I didn’t want to expose you to any threats.

The Unmask Parasites online service was not affected (it is hosted in a different location, and is very secure). It worked all that time. And during the investigation, my blog redirected visitors to
Continue »»

Martuz .cn – New Incarnation of the Gumblar Exploit. So What’s New?

18 May 09   Filed in General, Website exploits with 40 Comments

Gumblar is dead

Many people have noticed that “gumblar .cn” no longer resolves. The site cannot be accessed. Thus the gumblar script is no longer able to load the malicious payload and infect new computers and websites. Great!

Meet the Martuz

The loss of the gumblar .cn domain name can’t stop hackers. They have slightly modified the script and now inject a new version that loads malicious content from a new domain – martuz .cn (95 .129 .145 .58)
Continue »»

A Few More Facts About the Gumblar Attack From SophosLab and ScanSafe.

15 May 09   Filed in General with 14 Comments

The Gumblar exploit seems to be the biggest exploit I’ve ever reviewed in my blog. About a thousand visitors come to read my article about Gumblar every day. This exploit accounts for about 80% of positives on Unmask Parasites and I still don’t see any sign of its decline.

I found some more interesting facts about this exploit in SophosLab’s and ScanSafe’s blogs and would like to share them with you.
Continue »»

Google Analytics is an Intermediary in Malware Distribution

26 Mar 09   Filed in General with 2 Comments

Just checked one site that Google lists as suspicious. And here is what I discovered on the Safe Browsing diagnostic page is listed as intermediary

Continue »»

Out of Beta.

18 Mar 09   Filed in General with Comments Off on Out of Beta.

is an online community for people looking for help removing viruses, spyware, and other malicious software from their computers and websites. The site is a joint effort of Consumer Reports WebWatch and the project at Harvard University’s Berkman Center for Internet and Society.

I’ve been a member of this community since early alpha releases last fall. I watched the site evolving from what I called “usability disaster” to a very decent web forum with interesting discussions. Yesterday they finally removed the beta label and officially launched the site.
Continue »»