Leaseweb | Unmask Parasites. Blog.

Last week, I wrote about the latest mutation of the website hack that has been active (mostly in form of iframe injection) throughout this year. I mentioned that for some reason all malicious domain names had been mapped to IP addresses on LeaseWeb and OVH networks. Moreover, LeaseWeb hosted a central site mdvhost .com (hidden behind reverse-proxies) for at least 3 months.
LeaseWeb reaction »»

Tags: Leaseweb mdvhost nginx OVH

Tweet Week: Dec 21-27, 2009

28 Dec 09 Filed in Tweet Week with 1 Comment

Selected short messages and links you might have missed if you don’t follow me on Twitter.

Dec 23, 2009

Christmas theme: who-is-santa-2010 (dot) com – domain name of one scareware site

Dec 24, 2009

Response to my blog post from LeaseWeb

Dec 25, 2009

Sophos on the “GNU GPL” malicious script (Troj/JSRedir-AK)

If you want more real-time experience, you can follow @UnmaskParasites on Twitter.

Similar posts:

Previous Tweet Weeks

Tags: Leaseweb scareware

From Hidden Iframes to Obfuscated Scripts

23 Dec 09 Filed in Website exploits with 50 Comments

In December, I noticed that ubiquitous hidden iframes that have been the prevailing site hack this year seemed to have gone. Unmask Parasites finds them on very few sites now. And even on infected sites, I see only old domains, while this attack is known for introducing at least one new domain every day and for frequently updating the iframe code on infected sites.

At the same time I noticed a new type of obfuscated scripts injected into hacked websites. And I believe it’s a new incarnation of the same attack that previously injected hidden iframes.
Here’s the story »»

Tags: FTP iframe Leaseweb mdvhost obfuscated script OVH

Tweet Week: Dec 28, 2009 – Jan 3, 2010

Evict Hackers

Tweet Week: Dec 21-27, 2009

From Hidden Iframes to Obfuscated Scripts

About this blog

Recent Posts

Categories

Recent Comments