msgbartop
Unmask Parasites - Check your web pages for hidden links, iframes, malicious scripts, unauthorized redirects and other signs of security problems.
msgbarbottom
Loading site search ...

Lorem Ipsum and Twitter Trends in Malware. Update.

18 Feb 12   Filed in Website exploits with 4 Comments

A few weeks ago I published an article about an attack that hosted malware on a fast flux network of infected PCs and used a clever algorithm based on Twitter trends to generate four new hard-to-predict domain names every day.

Shortly after that I was contacted by foks, who shared some interesting information. He conducted his own investigation and found out how hackers injected those scripts into legitimate web pages. He also found a new (buggy) version of the malicious script.
Continue »»

Lorem Ipsum and Twitter Trends in Malware

26 Jan 12   Filed in Website exploits with 5 Comments

A couple of years ago I wrote about malware attacks that used Twitter API to generate domain names for their malicious sites using trending topics as keys in the domain generating algorithm.

  • Each domain was in use for a few hours only
  • The next domain names would become available just a few hours before the malicious scripts on hacked sites begin to use them.

Since 2009, I’ve seen many revisions of that attack. It has never been the most prevalent issue but as far as I can tell it constantly evolves and mutates. The recent update of the malicious script injected by this attack looked quite interesting and I decided to find out what has changed since late 2009.
Continue »»