A year ago I posted some statistics. Let’s compare the first two years.

-

-

As you can see, the service steadily grows and gains popularity. I hope, this trend will continue ;-)

If you like Unmask Parasites and want to support this project, please spread the word about it. Consider linking to it. Write a testimonial. Suggest your ideas.

You can also subscribe to this blog’s RSS feed or follow me on Twitter.

Related posts:

• Happy Birthday Unmask Parasites!
• Unmask Parasites. A Year of Blogging.
• Let’s Unmask Parasites

This definition perfectly describes relationships between hackers and legitimate websites. As it often happens in real life, the host (legitimate website and its owner) may be completely unaware of parasites until the harmful effect becomes obvious (e.g. drops in traffic, lost search engine rankings, site gets blacklisted, etc. ). And it doesn’t matter how big or small your site is and how malicious the hack is – this is the sort of relationships where parasites (hackers) always win and legitimate websites always lose.

As a webmaster, you can be more effective at detecting and mitigating parasitic activities if you know how hackers can benefit from your site .

Types of website parasitism

1. Parasitism on existing site traffic
2. Parasitism on search traffic
3. Parasitism on sites search engine ranking (Black-hat SEO)
4. Parasitism on server resources

1. Parasitism on existing site traffic.

How hackers benefit from a prolonged, close association with compromised websites?
If hackers incorporate some malicious content into legitimate websites, they can expose all visitors to those sites to their attacks. This is very cost effective since the infection process is fully automated (infected computers-zombies do all the dirty work) and they get all the traffic of compromised websites for free (while it is not free for the site owners who pay for hosting, create content, pay for ads, etc.). Since the cost of website infection is very low, hackers are targeting every website regardless of its size and content. This way they have infected thousands of web sites and millions of web pages.

Examples:

• Hidden iframes – Injecting hidden malicious iframes into compromised legitimate websites is one of the most popular types of malware attacks. Invisible iframes allow to silently load exploits from “bad” sites while unsuspecting web surfers browsing visible content of infected websites. More…
  Posts about attacks that inject hidden frames
• Malicious scripts – Also a very popular type of malware attacks that allows to create hidden iframes on the fly or redirect visitors to third-party sites.
  Posts about attacks that inject malicious scripts
• Rogue web servers – server-wide hacks that hijack web server processes and serve malicious content (usually redirects to rogue sites) instead of requested web pages. Such attack may be intermittent and very hard to detect. You can read about them in the following articles:
  Goscanpark: 13 Facts About Malicious Server-Wide Meta Redirects.
  Beladen – Elusive Web Server Exploit. (information for site owners and hosting providers)
  More…

How compromised websites are harmed?

• sites get blacklisted
• lose traffic (blocked by security tools or redirected by malware)
• lose reputation when visitors see AV and Safe-Browsing warnings.
• as a result, they lose sales and revenues from ads.

2. Parasitism on search traffic

How hackers benefit from a prolonged, close association with compromised websites?

Sometimes hackers target only site visitors who come from search engines. This way they make the hack detection more difficult to site owners who rarely need search engine to open their own websites. In this case, hackers are the only ones who benefit from site owners’ efforts to improve search engine rankings.

Examples:

• .htaccess redirects – On Apache-powered sites, hackers inject conditional rewrite rules to redirect traffic from major search engine to malicious sites (usually to scareware sites).
  Posts about attacks that use malicious .htaccess redirects.
• PHP redirects – injected PHP code can redirect searchers to third-party pay-per-click search engines that share revenue with hackers (example).

How compromised websites are harmed?

• regardless of search engine rankings, compromised websites don’t receive any visitors from search engines (they are immediately redirected to third-party websites)
• eventually, sites get blacklisted
• lose natural traffic (blocked by security tools)
• lose reputation when visitors see AV and Safe-Browsing warnings in search results.
• as a result, they lose sales and revenues from ads.

3. Parasitism on sites search engine ranking (Black-hat SEO)

How hackers benefit from a prolonged, close association with compromised websites?

The more descriptive links from reputable sites point to some web page the higher its ranking for relevant keywords. This principle is abused by hackers who inject spammy links into legitimate websites to promote their shady web resources (online stores selling counterfeit and pirated goods, porn sites, scam sites). In this case, hackers benefit from existing search engine ranking (PR) and authority of the compromised sites that they share with the spammy sites.

Examples:

• Hidden links – the most simple attack that injects malicious links into legitimate webpages and uses HTML tricks to make them invisible to human visitors.
  Posts about attacks that inject hidden links
• Cloaking – more elaborate attacks, that serve different versions of web pages to normal visitors (legitimate web pages) and to search engine spiders (either modified web pages with injected spammy links or completely different spammy pages) . A lot of reputable sites have been affected by this sort of parasites:
  “Cheap Vista” or Cloaked Spam on High-Profile Sites
  Anti-Pirates Unknowingly Promote Pirates
• Rogue 301 redirects – When Google sees redirects with the 301 status code, it thinks that a website has permanently moved to another location. So it updates the site listing with the new location. Moreover, the new site automatically gains ranking of the original site. To steal ranking and search traffic from legitimate sites, hackers create conditional redirect rules (either in .htaccess files or in PHP scripts) that return the 301 status code along with the address of a malicious site for requests from search engine spiders. You can read the following posts about such attacks and their consequences:
  Exploit Redirects Googlebot to Malware Sites (Bablo me uk).
  Stats Anomaly Reveals Website Security Issues.

How compromised websites are harmed?

• The increased number of links dilutes the SEO value of web pages, which makes legitimate links less valuable SEO-wise.
• Black-hat SEO tricks inevitably lead to penalties and exclusion from search results, which usually means drop in traffic and revenues.
• Hidden links may affect contextual ads on compromised sites.
• Cloaked content makes it to site description in search results and people who search for you site name may see something like “Viagra Online – Buy Viagra Online – Cheapest Viagra On The Net” or even something pornographic next to your site link. Such thing can only harm your reputation (especially for sites of schools, churches, reputable international organizations – which I see quite often).
• Cloaked content replaces legitimate content in search index, and compromised web sites can no longer be found using relevant keywords.

4. Parasitism on server resources.

How hackers benefit from a prolonged, close association with compromised websites?

Sometimes hackers are not interested in existing content, ranking of compromised websites and their visitors. All they need is free web space and server resources – something that they can share with hacked legitimate websites whose owners unknowingly pay the bills both for themselves and for hackers.

Examples:

• Rogue pages – Deep in sub-directories of legitimate websites, hackers create thousands of web pages optimized for specific keywords to poison search results on major search engines. (usually something related to breaking news or some relatively unpopular keywords from the long tail – either way they have good chances to make it to the first page of search results). Once search engines index those rogue pages and start to send search traffic their way (it usually only take a few hours) the pages start to expose visitors to some malicious content (usually redirects to scareware sites) :
  Rogue blogs redirect search traffic to bogus AV sites. Part 1.
  Bety.php – osCommerce Hack. Part 1.
  Bety.php Hack. Part 2. Black Hats in Action.
  Internals of Rogue Blogs
• Phishing – To steal sensitive personal information hackers create rogue web pages that look exactly as login pages of banks and popular services (e.g. Facebook, PayPal, GMail, etc). When they send out tons of spam emails asking people, for example, to change their passwords (I bet you received such emails) and specifying a link to that phishing page on a hacked site. As a result of such phishing campaigns, some people may not notice the forgery and provide hackers with their logins and passwords. And the hacked sites make it into blacklists of anti-phishing organizations…
• Gumblar – One of the most elaborate malware attack – Gumblar – tries to use compromised websites to the fullest. Not only does it inject malicious scripts into legitimate web pages, it also creates subdirectories with binary exploits and malicious scripts that hackers use to infect visitors to other sites. Moreover, the backdoor scripts on infected sites are used to break into new sites and infect them. Gumblar-infected sites act as zombies of some botnet.
  Revenge of Gumblar Zombies
  List of Gumblar Zombie URLs
  More…
• Koobface – This attack, that primarily targets users of social networking sites, creates scripts in subdirectories of hacked legitimate sites that redirect victims of the attack further to malicious web pages on infected computers.
• Reverse proxies on port 8080 – To protect central malicious servers and keep them invisible to security researchers, hackers hide the real sources of badness behind reverse proxies on compromised web servers. Most hidden iframes with URLs that use port 8080 are just reverse proxies that behind the scenes pull the malicious content from secret servers.
  One of such reverse proxies
  Attacks that use such reverse proxies:
  Dynamic DNS and Botnet of Zombie Web Servers
  From Hidden Iframes to Obfuscated Scripts
  Quicksilver Malware Network

How compromised websites are harmed?

• Sites get blacklisted because of malicious content they host.
• Sites can be excluded from search results if hackers create spammy pages there.
• Sites can be marked as phishing sites.
• Everything above leads to traffic and revenue drops
• Rogue content may exhaust site quotas and slow down server performance.
• And after all, site owners pay for resource overage incurred by hacker activity.

Non-parasites

Not all hacker attacks are parasitic in their nature (which doesn’t make them less malicious, of course)

• Defacement – hackers replace/change legitimate content of websites to show everyone that the sites have been hacked. Usually it’s just a malicious mischief. It doesn’t involve prolonged and close relationship with hacked sites.
• DoS/DDos attacks – denial-of-service attacks try to render targeted websites/servers unavailable, exhausting their computational resources with floods of external requests. The goal of such attacks is usually either to get rid off unwanted sites (competitors, rivals, etc.) or to have site owners pay some ransom to stop the attack. While DoS attack may be quite prolonged (and last several weeks), they are completely external and don’t involve any close association with the the targeted sites.
• Theft – Sometimes hackers break into websites to steal some protected information (e.g. database of clients) or access premium content without paying for it.

Make knowledgeable decisions

Now that you know why hackers break into legitimate websites and how they use them, you can make knowledgeable decisions about how to detect the hacks and what tools you should use. E.g. to find injected iframes and malicious scripts you should thoroughly look through the HTML code of your web pages; to detect cloaking, you should check what Google has indexed on your site; to detect redirects from search results, you should try to spoof the Referer HTTP header with tools like wget, etc.

Unmask Parasites

To provide webmasters with a more universal, quick and secure way to check their sites for signs of hacker activity I created Unmask Parasites online service. It evolved during the last two years and proved to be a good starting point for detecting various types of website parasites: hidden links, iframes, malicious scripts, cloaking and conditional redirects.

It’s the tool that can help reveal the problem you were not aware of or provide a hint on where to look (or not to look) for the source of security problems you investigate. And it’s all in less than 30 seconds. Of course, Unmask Parasites can’t detect or correctly identify every security problem, but it’s just a first step in your investigation and you should have other more specialized tools in your toolkit as well.

If you haven’t tried Unmask Parasites yet, it’s time to click this link and check your site for parasites.

Build awareness

Did you learn anything new about website security threats? If yes, show this article to your fellow webmasters. The more we – webmasters – know about hackers, the less chance they have of exploiting our sites behind our backs.

Have your say

Do you have any other examples of parasitic activities of hackers? I would love to hear about them. Your comments are welcome.

Related posts:

• Let’s Unmask Parasites
• Unmask Parasites. A Year of Blogging
• Vulnerability Advisories for Third-Party Scripts
• 10 FTP Clients Malware Steals Credentials From

More accurate scanner

There had been dozens of improvements in the scanner. This means that more threats can be detected now. At the same time the number of false positives and errors has decreased.

Shorter caching time

It was a popular request in the Feedback forum and emails. I analyzed the usage patterns and found it reasonable to cache Unmask Parasites reports for 1 hour only (instead of 2 hours). Of course, impatient users can try obvious tricks to avoid caching altogether …

More informative messages

Unmask Parasites always reported why it considered some page as suspicious so that webmasters could easily decide whether the highlighted problem should be investigated or discarded. However, since Unmask Parasites also uses Google’s advisories (as a trusted second opinion), sometimes it was not clear (especially for new users) whether Unmask Parasites actually checked the site or just relayed Google’s data.

New messages in Unmask Parasites reports clearly differentiate between Unmask Parasites own advisories and advisories provided by Google.

Practical Guide to dealing with Google’s Malware Warnings

I’ve written a practical guide that covers everything webmasters should know and do to remove Google’s malware warnings in the shortest possible time (usually just a few hours). This guide is based on the analysis of hundreds of real cases, dozens of Google’s blogposts, and my personal discussions with members of Google’s Anti-malware team. It contains many lesser known facts that can help avoid most common mistakes which may significantly slow down the removal process (up to several weeks).

Now, if Unmask Parasites detects that a web page is blacklisted, it provides a link to this guide to assist webmasters in resolving the issue.

Unmask Parasites API

Every now and then I receive requests from people who want to use Unmask Parasites in an automated way. Generally, it’s not a good idea since Unmask Parasites doesn’t provide definite answers and each report should me manually reviewed by webmasters.

However I was pointed out that in some cases Unmask Parasites automation may be justified (e.g. monitoring status changes), so I created a simple experimental API to Unmask Parasites. It consists of just one HTTP GET request that is used to find out if Unmask Parasites considers some web page suspicious or not. Information about Google’s malware warnings is included so you can also find out if the specified web pages is blacklisted by Google.

I plan to provide all the API details in one of the upcoming blogposts. At this point point, please contact me directly if you are interested in the API.

Unmask Parasites accelerator for Internet Explorer 8

Now you can install Unmask Parasites accelerators (the install link is available to IE8 users only on the Tools page) and easily check websites and links using the context menu of your browser.

This was a short round up. There will be more detailed posts about some of the above features soon. At the same time there are some new interesting features in the works, so stay tuned.

I’d like to hear from you

Unmask Parasites is still in beta and I need your feedback. Let me know what you think about it. Do you miss any functionality? Constructive criticism and suggestions are welcome. If you already like Unmask Parasites and it helped you somehow, consider writing a testimonial. Thanks.

I think, Google AdSense worked well for me (not great though). I didn’t have to search for sponsors – Google picked the most relevant ads from their vast advertizing network for me. The ads are almost guaranteed to be safe (you know, some ad networks fail to detect banners that contain malicious code). And the earnings were enough to pay for the site hosting and domain names (these are the only direct expenses I have).

This month, as an experiment, I decided to accept Jason Remillard’s offer and replaced AdSense block at the top of Unmask Parasites report pages with a banner of his 54f3.com service.

Why did I do it?

I think this is beneficial for all parties. I get more money to maintain and improve Unmask Parasites. 54f3.com gets a chance to reach a highly targeted audience of webmasters and site owners concerned with security issues. And, finally, Unmask Parasites users will see ads more relevant to their needs than contextual AdSense blocks (that usually advertise enterprise network security solutions that cost thousands of dollars while my site is used mainly by owners of small and medium websites).

What is 54f3.com?

54F3 stands for ‘SAFE’ in L33t language. 54f3.com is a service that regularly scans websites for thousands of known security vulnerabilities and lets you shut them down before hackers have a chance to exploit them. They also provide a web seal that indicates the date of the last scan. You can place this seal on your site to increase your customers’ confidence.

Review.

Unmask Parasites is not affiliated with 54f3.com. They just pay for their banner placement on my site. However I feel responsibility for the content of my site and before placing the banner, I gave 54f3 service a try (they have a free 5 day trial) to make sure they really do what they claim on their site.

It very easy to get started. You need to register with 54f3.com and submit the address of your site. That’s it. Nothing to install.

Every day during the trial I received email notifications that contained results of the latest scan and offered to download the detailed report from the client area.

Example of scan results:

High Severity Issues: 1
Medium Severity Issues: 3
Low Severity Issues: 5

The detailed report is a PDF document (16 pages in my case) that contains a lot of useful information about your web site (i.e. opened ports, detected services, etc.) and a list of found security issues.

Information about every issue comprises of four main sections: Description, Impact, Affected Items and Recommendations.

Example:

Description
A possible sensitive directory has been found. This directory is not directly linked from the website. This check looks for known sensitive directories like: backup directories, database dumps, administration pages, temporary directories. Each ofthose directories may help an attacker to learn more about his target.
Impact
This directory may expose sensitive information that may help an malicious user to prepare more advanced attacks.
Recommendation
Restrict access to this directory or remove it from the website.
Affected items
–a list of affected directories and sample HTTP responses that reveal those directories here.–

In my web server logs I found a lot of requests from 54f3 scanners that tried to find XSS vulnerabilities.

The detailed reports with relevant information and my server logs prove that the service description on their site is correct.

Issues

At the same time the trial revealed some issues that I can’t keep silent about. These issues are actually the other side of the strengths of 54f3’s service.

As one of their banners says, “20,000+ vulnerabilities tested”. This may significantly load your web server. For example, during one 10-minute session their scanners produced about 4,500 requests (almost 8 requests/second). Six hours later, during the next 10-minute session, they generated 8,000 more requests (13 requsts/second). These two 10-minute sessions produced 2 MBytes of server logs. So make sure that your server (or your hosting plan) can handle such a load.

They also check for vulnerabilities of contact forms. And if you have a contact form without a captcha be prepared to receive hundreds of emails from addresses like this one cat /etc/passwd <111-222-1933email@address.tst> every day.

Users with sites on shared hosting plans should be aware that 54f3 scans the whole server and may report problems that are out of your conrol (like open ports) and some of them may be not relevant to you (i.e. depricated SSL protocols if your site doesn’t use secure connections). This problems may still characterize the overall web server’s security and you might want to pass them on to your hosting provider.

I should also mention that I don’t know how good this service is at detecting malicious content since the site I checked wasn’t hacked.

Summary

So, if any of the above issues are serious for you, 54F3 is probably not what you need. For small static sites on cheap shared hosting plans it is overkill. But if you operate a business website on a dedicated server (or VPS) and store sensitive data online, you definitely need something like 54F3. Everything in between might be also interested in a thorough vulnerability scan.

Here is a good quote from their FAQ:

? What type of site is 54F3 suitable for?
54F3 works with any site really, but it’s primarily aimed for sites handling data and money that must comply with regulations.

In the conclusion, I should say that their pricing starts at $30/month.

Want to work with Unmask Parasites?

If you are interested in sponsoring Unmask Parasites or in any other sort of cooperation, feel free to contact me. I’m open to any offers.

Similar posts:

• Happy Birthday Unmask Parasites!

One year later Unmask Parasites is still in beta but now it’s a much more mature service that has proven its viability.

Many interesting things happened during this year.  I’m not a good writer to make it an interesting reading, so I’ll only list some milestones, facts and statistics here.

June 1, 2008: Public release of Unmask Parasites.

The initial public version was 0.1, the current version is 0.4.137 (you can see it at the very bottom of the home page).

The revision numner of the initial public revision (per SVN log) was #38, the current is #137 — 100 updates. As you can see, I have been improving the service all this year.

More than 126,000 web pages have been checked. More than 28,000 of them have been found suspicious for various reasons.

It took more than 5 months to reach the level of 10,000 checked web pages. 11 months for 100,000 checked web pages. Now people use Unmask Parasites to check about 1,000 web pages every day.

All this time Unmask Parasites service was absolutely free. I can afford it since expenses are really low. During this year I spent less than $150 for site hosting and domain names. That’s all. (Plus, of course, enormous amount of my personal invaluable time.) Google’s AdSense blocks don’t make me rich but help me pay for the site hosting (I’ve recently received my first check for $113).

Now some stats from Google Analytics:

67,191 visits (41,166 visitors) from 156 countries and territories. (I don’t include here this blog’s stats with another 60,000 visits)

1,331 sites sent 36,779 visitors to Unmask Parasites via incoming links. This blog, Google’s Webmaster Forum, and WordPress support forums are among leaders.

Unmask Parasites and articles from this blog had been referenced in blogs of major media (CNet, PCWorld, The Register, Guardian, Washington Post, etc.) and in specialized security blogs (Sophos, ScanSafe, SCMagazine, Google Online Security, etc.)

Some ranks of www.UnmaskParasites.com:

Google PageRank: 5
Alexa traffic rank: 53,614

Well, pretty good for a project with less than $150 yearly budget, isn’t it?

Now let’s leave all this facts alone. Every day I receive emails from site owners and I know that Unmask Parasites helped them identify and fix various website security issues. This makes me feel that I’m doing the right thing. And I like this feeling :-)

If you also think that I’m doing the right thing, the comment’s section is awaiting your “Happy Birthday” wishes. If you want to make a present, please consider linking to http://www.UnmaskParasites.com and spreading the word about it :-)  You can also subscribe to this blog’s RSS feed or follow me on Twitter.

P.S. I’m currently working on a new version of Unmask Parasites. Some new services should be released soon too. So stay tuned.

Similar posts:

• Unmask Parasites. A Year of Blogging.
• Let’s Unmask Parasites
• Unmask Parasites: 10,000 checked pages and counting
• Unmask Parasites is Getting Noticed
• New Version of Unmask Parasites Released

The Unmask Parasites online service was not affected (it is hosted in a different location, and is very secure). It worked all that time. And during the investigation, my blog redirected visitors to http://www.UnmaskParasites.com

I’d like to thank Googlers (John Mueller, Oliver Fisher and Oxana Comanescu) who provided me with details about the issue. The malicious code had been noticed only in a small percentage of server responses (hackers don’t want to be unmasked). I could never reproduce it myself.

My blog is hosted on a simple shared plan since it doesn’t require anything fancy. I combed though my whole account and couldn’t locate any sign of the compromise or any alien code.

I contacted my hosting provider and provided them with all the information I had. They were very responsive and had been investigating the issue for the rest of the day. They took some preventive measures and added traffic filtering so I hope my blog is currently pretty much safe.

Anyway, you shouldn’t trust even sites like mine. Make sure you are browsing the web with a secure browser. If you are on Windows, consider using Google Chrome (it warns if a site references something from blacklisted third-party sites) or FireFox with the NoScript extension. With NoScript, you can enable scripts on legitimate domains that you visit, but any third-party scripts (and most website exploits require loading scripts from third-party domains) will be blocked.

When I have all the details from my hosting provider, I’ll review the issue.

Moving to VPS

Meanwhile I consider moving my blog from shared hosting to a VPS (virtual private server), so that I have full control over the things behind the scenes.

I’m not much of a sysadmin, so I’ll need some getting started tutorials about how to keep the server secure.

Can anyone suggest a supportive and reliable hosting provider with affordable VPS plans? I don’t need anything fancy: Apache, MySql, PHP, Wordpress. I guess 256Mb RAM would be enough.

It would also be great if someone could support Unmask Parasites and this blog and help me purchase a VPS.

Feel free to leave your comments here or contact me directly.

I’ve got a new version of Unmask Parasites. It’s a free online tool that helps site owners reveal hidden security problems. Hope you will like it.

Safe Browsing Integration.

The major new feature is the integration with Google’s Safe Browsing project. Now examined links and all referenced domains are checked against Google’s blacklist. It’s the same list that Firefox 3, Safari and Google Chrome use.

The results will clearly indicate whether a page links to suspicious sites (bad neighborhoods) or generates security warnings in Google’s search results and in popular modern web browsers.

Safe links

All links in Unmask Parasites reports are now safe. It is safe to click even on suspicious links – they all now lead to intermediary “Link Details” pages where you can

• check the link’s current status in Google’s Safe Browsing database,
• report the link to Google if you think it is suspicious,
• double-check the link with Unmask Parasites
• and, if you believe it’s safe, open it in a browser.

More real time reports

In this version, results are cached for 2 hours only (the previous version cached results for 3 hours). Caching prevents abuse of the service, improves performance and decreases load on the target websites.

However, you might want to be able to re-check your site when you’re fixing reported security issues and cached results are not what you need. Now real time results will be available 1 hour earlier. (Of course, you can get real time results right away if you use the trick with alternative urls: i.e. while www.example.com is cached, you can still get real time results for example.com or www.example.com/index.html ;-)

Better detection of suspicious scripts

During the last several months I examined hundreds of compromised web pages that Unmask Parasites didn’t detect as suspicious. I also consulted with a few researchers from security software companies and was able to identify new patterns of malicious scripts. As a result the new version of Unmask Parasites is much better at detection of suspicious scripts. Don’t expect miracles though. You still need to double-check HTML code if you want to be 100% sure that no alien scripts were injected in your files.

Social bookmarking links

Since the very first release of Unmask Parasites I don’t display links from a few trusted popular domains (i.e. google.com, www.google-analytics.com, wordpress.org, wikipedia.org, etc.). This helps avoid excessive clutter and focuses the viewer on the rest links that have more chances to be suspicious.

Now I’ve expanded the list of trusted links with links to social media submission services. You know, many blogs contain links/buttons to add their articles to Digg, Delicios, Facebook, Technorati, StumbleUpon, Yahoo Buzz, etc. Sometimes such links occupy a whole screen in the list of External References. So I decided to get rid of them (so far 17 submit urls marked as trusted and thus removed from reports).

BTW, have you bookmarked Unmask Parasites? ;-))

Share report link

I know, some of you use Unmask Parasites to help other people identify their sites’ security problems. I’ve seen copy-pasted reports on various forums. That’s great! However, as a result sometimes you expose direct links to malicious sites and need to remember to mangle them somehow. This happens mainly because Unmask Parasites is an AJAX web application and all security reports have the same URL in a browser’s address bar.

Now you will find links to individual reports in their “General” section. Just copy the link and paste it wherever you want.

1,000 detected suspicious web pages.

It must be a coincidence, but today the counter of detected suspicious pages has reached the 1,000 mark.

So far Unmask Parasites averaged 5-7% of suspicious pages. (This number doesn’t include hundreds of checked pages with the bogus Antivirus 2009 redirects, since technically they were not marked as suspicious.)

Now with the integration of Google’s Safe Browsing API and the improved malicious script detection algorithm, I expect that 10-15% of checked web pages will be reported as suspicious. And I hope this will help more site owners identify what’s wrong with their sites.

Let’s go!

So, this new version is officially released. Go check your sites, then check you friends’ sites, then sites that you regularly visit. Then click that blue feedback button on the left side of the report page and tell me what you think about the new version. It’s still a beta version and I need your comments, suggestions and bug reports. You can also leave your comments here or use one of my contact forms.

Let’s go and unmask the parasites!

This week Unmask Parasites has been featured on two popular blogs: gHack.net and MakeUseOf.com. MakeUseOf.com even added Unmask Parasites to their “Directory of Apps”

Thanks guys!

Thanks to all other bloggers who wrote about Unmask Parsites. I noticed your posts ;-)

If you have a blog and want to mention my service, feel free to contact me for any details you need for your post. If you don’t have a blog but still want to support me, consider bookmarking Unmask Parasites and submitting it to social media sites ;-)

Unmask Parasites online service has reached the level of 10,000 checked web pages. 556 of the checked pages were found suspicious. It’s more than 5%. The real number of checked compromised web pages is even higher since in most cases Unmask Parasites leaves it up to a site owner to decide whether detected redirects and scripts are actually malicious.

Hope Unmask Parasites has helped many site owners detect and resolve tricky security problems.

Thanks to all who used the service, helped test and improve it.

Get ready for some new interesting features.