msgbartop
Unmask Parasites - Check your web pages for hidden links, iframes, malicious scripts, unauthorized redirects and other signs of security problems.
msgbarbottom
Loading site search ...

Two Malware Trends Combined in One Attack

06 Oct 10   Filed in Website exploits with 8 Comments

Two of the major trends in malware attacks described on this blog this summer were the use of hijacked DNS records of legitimate domains and continuous attacks against sites on MediaTemple and RackSpace. In the end of this September, I noticed a new attack that combined these two trends.

At higher level, this attack is no different from many preceding variations that hit MediaTemple. It prepends malicious code to the first line of some existing .js files or injects it inside the <ads>…</ads> tags at the bottom of HTML code of legitimate web pages.

However, soon you notice new techniques.
Continue »»

Two Tweet Weeks: August 30 – September 12, 2010

13 Sep 10   Filed in Tweet Week with 1 Comment

Selected short messages and links you might have missed if you don’t follow me on Twitter.

new type of Fake AV, TechCrunch hacked, app vulnerabilities and updates … »»

Tweet Week: August 9-15, 2010

16 Aug 10   Filed in Tweet Week with Comments Off

Selected short messages and links you might have missed if you don’t follow me on Twitter.

SQL-injection, MediaTemple issues, exploited phpMyAdmin vulnerability … »»

Pqshow .org Scripts – New Plague On MediaTemple Sites

14 Aug 10   Filed in Website exploits with 19 Comments

New week — new attack on MediaTemple-hosted sites.

Almost everything remains the same as in the last week’s attack I described here. The only difference is the new script and the new remote malicious site – bl .pqshow .org.
Continue »»

Malicious “ads” and “bars” on RackSpace & MediaTemple

08 Aug 10   Filed in Website exploits with 21 Comments

Right before this week-end I noticed an increased number of sites hosted on MediaTemple and RackSpace coming to Unmask Parasites with the same problem — their sites are blocked by Google and their diagnostic pages mention the following five domains: “myads .name“, “adsnet .biz“, “toolbarcom .org“, “mybar .us“, “freead .name“.
Continue »»

Tweet Week: July 12-18, 2010

18 Jul 10   Filed in Tweet Week with Comments Off

Selected short messages and links you might have missed if you don’t follow me on Twitter.

nginx as reverse proxy, WP redirects on MediaTemple, Image search spam … »»

Tweet Week: Nov 23-29, 2009

29 Nov 09   Filed in Tweet Week with 1 Comment

Selected short messages and links you might have missed if you don’t follow me on Twitter.

IE vulnerability, MediaTemple security issues, Google Webmaster Tools … »»