Unmask Parasites - Check your web pages for hidden links, iframes, malicious scripts, unauthorized redirects and other signs of security problems.

Massive Script Injection (k985ytv)

23 Aug 11   Filed in Short Attack Reviews with 1 Comment

I’d like to point webmasters to a great article on the Armorize blog. It is about a new massive script injection attack that seems to have affected a few thousand websites. In this post, I will summarize the information specifically for webmasters.

Two Tweet Weeks: August 8-21, 2011

22 Aug 11   Filed in Tweet Week with 1 Comment

Selected short messages and links you might have missed if you don’t follow me on Twitter.

TimThumb attacks, program for responsible hosting providers, analyses of black hat SEO campaigns, osCommerce tips, 4 years of Safe Browsing data »»

Update on redef_colors/createCSS attack: PHP code, Backdoors and osCommerce.

07 Apr 11   Filed in Website exploits with 4 Comments

A few days ago, I blogged about the hacker attack that used the BlackHole toolkit and injected “createCSS” and “defs_colors” malicious scripts into legitimate websites. Since then, I’ve worked with a few webmasters of infected sites and now have some important additional information that I want to share here.

BlackHole: defs_colors and createCSS Injections

24 Mar 11   Filed in Website exploits with 1 Comment

This is a review of a malware injection attack that I have been seeing quite often lately.

Safe Browsing diagnostic pages for infected sites usually mention the following domains:

Malicious software is hosted on 4 domain(s), including new-solomon .cz.cc/, newsalamandra .cz.cc/, banpox .cz.cc/.

2 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including chadon .nl/, 75.127.108 .0/.

The intermediaries usually include chadon .nl, corkit .co, tongho.co.th and some IP address.

On infected sites, I found various modifications of a script that generally looks like this:
Continue »»