msgbartop
Unmask Parasites - Check your web pages for hidden links, iframes, malicious scripts, unauthorized redirects and other signs of security problems.
msgbarbottom
Loading site search ...

Tweet Week: April 4-10, 2011

11 Apr 11   Filed in Tweet Week with Comments Off

Selected short messages and links you might have missed if you don’t follow me on Twitter.

Gumblar was not SQL-injection, WP 3.1.1, download alerts in Chrome, timing warning removal …

BlackHole: defs_colors and createCSS Injections

24 Mar 11   Filed in Website exploits with 1 Comment

This is a review of the malware injection attack that I see quite often lately.

On Safe Browsing diagnostic pages, infected sites usually mention the following domains:

Malicious software is hosted on 4 domain(s), including new-solomon .cz.cc/, newsalamandra .cz.cc/, banpox .cz.cc/.

2 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including chadon .nl/, 75.127.108 .0/.

In intermediaries, they usually include chadon .nl, corkit .co, tongho.co.th and some IP address.

On infected sites, I found various modification of a script that generally looks like this:
Continue »»

Two Tweet Weeks: January 3 – January 16, 2011

18 Jan 11   Filed in Tweet Week with Comments Off

Selected short messages and links you might have missed if you don’t follow me on Twitter.

Black-hat SEO campaigns, PDF dangers, etc.. »»

Tweet Week: July 19-25, 2010

25 Jul 10   Filed in Tweet Week with Comments Off

Selected short messages and links you might have missed if you don’t follow me on Twitter.

VBulletin and Soholaunch security problems, Unmask Parasites milestone … »»

Tweet Week: June 27 – July 4, 2010

04 Jul 10   Filed in Tweet Week with 1 Comment

Selected short messages and links you might have missed if you don’t follow me on Twitter.

Safer PDF viewing, Gumblar zombies, Asprox, WayBack Machine and more… »»

Analysis of Gumblar Zombie URLs

29 Jun 10   Filed in General, Website exploits with 3 Comments

As you might know, I maintain and regularly update a list of Gumblar zombie URLs. The main reason why I do it is to help webmasters of compromised sites find relevant information about the source of their problems and the steps required to clean up and secure their sites. I see this pattern quite often, when webmasters find a suspicious script in their web pages and use it in Google searches to find more information about it. On the other hand, this list can also help reveal the security breach of sites that hackers use to host Gumblar zombie scripts.

This week the list has reached the level of 1,000+ URLs. Although it’s just a small part of all Gumblar zombie scripts, this list makes a good base for a quick analysis of Gumblar zombie URLs.
Continue »»

Tweet Week: April 5-11, 2010

11 Apr 10   Filed in Tweet Week with 1 Comment

Selected short messages and links you might have missed if you don’t follow me on Twitter.

mass WP hack on Network Solutions, virtualization, Google Webmaster Tools, etc … »»

Tweet Week: March 15-21, 2010

22 Mar 10   Filed in Tweet Week with Comments Off

Selected short messages and links you might have missed if you don’t follow me on Twitter.

500K Unmask Parasites milestone, security tools, patches, malware attacks, etc. … »»

Tweet Week: March 8-14, 2010

14 Mar 10   Filed in Tweet Week with Comments Off

Selected short messages and links you might have missed if you don’t follow me on Twitter.

Security discussions, hidden links in WordPress, new vulnerabilities, StopBadware wants bad URLs, etc. … »»

Tweet Week: Feb 15-21, 2010

21 Feb 10   Filed in Tweet Week with Comments Off

Selected short messages and links you might have missed if you don’t follow me on Twitter.

Gumblar zombies, StopBadware reports, WordPress updates … »»