Tweet Week: April 4-10, 2011
Selected short messages and links you might have missed if you don’t follow me on Twitter.
Gumblar was not SQL-injection, WP 3.1.1, download alerts in Chrome, timing warning removal …
BlackHole: defs_colors and createCSS Injections
This is a review of the malware injection attack that I see quite often lately.
On Safe Browsing diagnostic pages, infected sites usually mention the following domains:
Malicious software is hosted on 4 domain(s), including new-solomon .cz.cc/, newsalamandra .cz.cc/, banpox .cz.cc/.
2 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including chadon .nl/, 75.127.108 .0/.
In intermediaries, they usually include chadon .nl, corkit .co, tongho.co.th and some IP address.
On infected sites, I found various modification of a script that generally looks like this:
Continue »»
Two Tweet Weeks: January 3 – January 16, 2011
Selected short messages and links you might have missed if you don’t follow me on Twitter.
Tweet Week: July 19-25, 2010
Selected short messages and links you might have missed if you don’t follow me on Twitter.
VBulletin and Soholaunch security problems, Unmask Parasites milestone … »»
Tweet Week: June 27 – July 4, 2010
Selected short messages and links you might have missed if you don’t follow me on Twitter.
Safer PDF viewing, Gumblar zombies, Asprox, WayBack Machine and more… »»
Analysis of Gumblar Zombie URLs
As you might know, I maintain and regularly update a list of Gumblar zombie URLs. The main reason why I do it is to help webmasters of compromised sites find relevant information about the source of their problems and the steps required to clean up and secure their sites. I see this pattern quite often, when webmasters find a suspicious script in their web pages and use it in Google searches to find more information about it. On the other hand, this list can also help reveal the security breach of sites that hackers use to host Gumblar zombie scripts.
This week the list has reached the level of 1,000+ URLs. Although it’s just a small part of all Gumblar zombie scripts, this list makes a good base for a quick analysis of Gumblar zombie URLs.
Continue »»
Tweet Week: April 5-11, 2010
Selected short messages and links you might have missed if you don’t follow me on Twitter.
mass WP hack on Network Solutions, virtualization, Google Webmaster Tools, etc … »»
Tweet Week: March 15-21, 2010
Selected short messages and links you might have missed if you don’t follow me on Twitter.
500K Unmask Parasites milestone, security tools, patches, malware attacks, etc. … »»
Tweet Week: March 8-14, 2010
Selected short messages and links you might have missed if you don’t follow me on Twitter.
Tweet Week: Feb 15-21, 2010
Selected short messages and links you might have missed if you don’t follow me on Twitter.
Gumblar zombies, StopBadware reports, WordPress updates … »»
About this blog
Occasional posts from the developer of
Unmask Parasites about things that hackers already know and site owners should know (if they don't want to be victims).
Exploit reviews, security tips, and all that jazz.
