Unmask Parasites - Check your web pages for hidden links, iframes, malicious scripts, unauthorized redirects and other signs of security problems.

Gumblar/Martuz Aftermath

26 May 09   Filed in Tips and Tricks, Website exploits with 10 Comments

The Gumblar/Martuz epidemic is currently on the decline. Compared with last week, this week Unmask Parasites registers only a small fraction of Gumblar-infected websites. And I don’t see any new script mutations.

The “Martuz .cn” domain no longer resolves and “gumblar .cn” is defunct (the domain is currently parked). This has stopped the surge of new infections. And the increased global awareness has helped webmasters identify the problem and get rid of it.

Recovered sites are still blacklisted

Nonetheless, I can still see that many websites that have recovered from the Gumblar/Martuz attack are still blacklisted by Google. Their Safe Browsing diagnostic pages say something like:
Continue »»

NoScript Helps Reveal Website Exploits – Telegram .com Case

13 May 09   Filed in Tips and Tricks

Firefox + NoScript

Screenshot: NoScript

I usually suggest using Firefox with the NoScript plugin for safer web browsing. This combo will save you from most web threats. Just remember one rule: never use the “Allow this page” and the “Allow Scripts Globally” options.

NoScript reveals website exploits

NoScript is also a great helper in revealing tricky website exploits.

Let me use the “Telegram .com” case to show how I use it. Continue »»

Vulnerability Advisories for Third-Party Scripts

22 Apr 09   Filed in Tips and Tricks

Building sophisticated websites is pretty easy these days. Whatever you want (blog, forum, eCommerce solution, picture gallery, video sharing site, or even your own social network) – there is a free third-party script that you can use to build your site in a matter of hours.

However, this ease comes at a price. Unfortunately, no software is perfect. Hackers have a great incentive to find vulnerabilities in popular scripts – if they find a security hole, they can exploit thousands (and sometimes even millions) of websites that use the buggy script. And the fact that most popular scripts are free Open Source software helps hackers immensely.
Continue »»

Using Wget to Detect Hijacked Search Engine Traffic

07 Apr 09   Filed in Tips and Tricks

Some time ago I had a series of posts about the .htaccess exploit that redirected search engine traffic to bogus Antivirus sites.

This sort of exploit is still very widespread. Many site owners wonder why Google blacklists their sites when their web pages are absolutely benign and the sites mentioned on Google’s Safe Browsing Diagnostic pages have absolutely nothing to do with their site’s content.

Here is an excerpt from a typical Safe Browsing Diagnostic page for an affected site:

Malicious software is hosted on 5 domain(s), including best-antimalware-pro-scan .com/, fastantimalwareproscanner .com/, fullantispywareproscan .com/.

4 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including module-antispyware .info/, securedradiostation .cn/, great-antispyware .info/.

When I see multiple antivirus-related domain names in the diagnostics, I am almost sure the site has a hacked .htaccess file that redirects search engine traffic to scam sites. Still, I need to verify my guess.
Continue »»