Mdvhost | Unmask Parasites. Blog.

Loading site search ...

Evict Hackers

30 Dec 09 Filed in General with 1 Comment

Last week, I wrote about the latest mutation of the website hack that has been active (mostly in form of iframe injection) throughout this year. I mentioned that for some reason all malicious domain names had been mapped to IP addresses on LeaseWeb and OVH networks. Moreover, LeaseWeb hosted a central site mdvhost .com (hidden behind reverse-proxies) for at least 3 months.
LeaseWeb reaction »»

Tags: Leaseweb mdvhost nginx OVH

From Hidden Iframes to Obfuscated Scripts

23 Dec 09 Filed in Website exploits with 52 Comments

In December, I noticed that ubiquitous hidden iframes that have been the prevailing site hack this year seemed to have gone. Unmask Parasites finds them on very few sites now. And even on infected sites, I see only old domains, while this attack is known for introducing at least one new domain every day and for frequently updating the iframe code on infected sites.

At the same time I noticed a new type of obfuscated scripts injected into hacked websites. And I believe it’s a new incarnation of the same attack that previously injected hidden iframes.
Here’s the story »»

Tags: FTP iframe Leaseweb mdvhost obfuscated script OVH

Evict Hackers

From Hidden Iframes to Obfuscated Scripts

About this blog

Recent Posts

Categories

Recent Comments

Has your website been hacked?