msgbartop
Unmask Parasites - Check your web pages for hidden links, iframes, malicious scripts, unauthorized redirects and other signs of security problems.
msgbarbottom
Loading site search ...

Tweet Week: Nov 23-29, 2009

29 Nov 09   Filed in Tweet Week with 1 Comment

Selected short messages and links you might have missed if you don’t follow me on Twitter.

IE vulnerability, MediaTemple security issues, Google Webmaster Tools … »»

Rogue blogs redirect search traffic to bogus AV sites. Part 2.

27 Nov 09   Filed in Website exploits with 5 Comments

This is the second part of the post about rogue blogs installed into subdirectories of hacked legitimate websites. The first part talked about how those blogs redirect search engine traffic to scareware sites. In this part I will talk about the whole black hat campaign, its evolution and its strange connection with Servage hosting provider.

Generations of rogue blogs

In the Cyveillance blog, they mentioned two types of rogue blogs with “bsblog” and “bmsblog” strings in the URLs. Having played with Google searches, I discovered some more versions:

So what do those strings mean? A quick analysis of the blogs’ content suggests that “blog“, “bmblog”, “bsblog“, “bmsblog” and “mdblog” strings in blog addresses correspond to different generations of this black hat campaign.
Here is the timeline »»

Rogue blogs redirect search traffic to bogus AV sites. Part 1.

26 Nov 09   Filed in Website exploits with 8 Comments

As I tweeted a few days ago, I gathered a lot of interesting information about this case. So to make the post readable, I’ve broken it down into two parts. The first part is about how rogue blogs work, and the second part is about different generations of this black hat campaign and about the connection with Servage hosting provider.

A few days ago, I stumbled upon a great post where guys from Cyveillance blog wrote about a massive Google search results poisoning. Well worth reading.
Here is a brief summary of their post followed by my own findings »»

Tweet Week: Nov 16-22, 2009

24 Nov 09   Filed in Tweet Week with Comments Off

Selected short messages and links you might have missed if you don’t follow me on Twitter.

PDF exploit, threats, Google Webmaster Tools … »»

“Cheap Vista” or Cloaked Spam on High-Profile Sites

01 Oct 09   Filed in Website exploits with 12 Comments

In this post, I’ll show how cybercriminals used hacked high-profile sites to drive search traffic to online stores that sell pirated copies of popular software and, presumably, steal credit card details.

I’ve been watching this sort of search spam for more than a year now. And after this post in Google’s Webmaster Help forum, I decided to take a closer look at this this problem.
Continue »»

Security Lesson From a Kenyan Marathon Runner

30 Jun 09   Filed in General with Comments Off

If you have a site/blog but you are not a techie and don’t know much about website security, you might want to read this article written by a Kenyan marathon runner about how his blog was hacked.

He received an email from Google saying that his site had been temporarily removed from search index because it contained hidden spam links and thus violated Google’s guidelines.
Continue »»

Every site may harm your computer. (Thinks Google)

31 Jan 09   Filed in General with 1 Comment

Something strange has happened to Google. All links in search results are marked as harmful. I checked from both Windows and Linux machine so spyware interference is very unlikely. Must be a Google’s bug. Continue »»