Milestone | Unmask Parasites. Blog.

Unmask Parasites didn’t detect anything suspicious but a quick manual check revealed the following script tag right after the <body> tag in every web page:

<sc ript type="text/javascript" src="newgeocheck.js"></script>

(Unmask Parasites doesn’t check .js file, so no wonder it couldn’t detect the source of the problem)

This script loaded an invisible iframe form addthiss .net.

<i frame width="1" height="1" frameborder="0" scrolling="no" marginwidth="0" marginheight="0" style="" src="hxxp://addthiss .net/ in.cgi?8"></iframe>
Here goes the real investigation »»

Tags: addthiss FTP GeoChecker milestone newgeocheck.js obfuscated script

Tweet Week: May 3-9, 2010

10 May 10 Filed in Tweet Week with 0 Comments

Selected short messages and links you might have missed if you don’t follow me on Twitter.

Unmask Parasites testimonials, Google’s Jarlsberg, etc. »»

Tags: Firefox jarlsberg milestone

Tweet Week: March 15-21, 2010

22 Mar 10 Filed in Tweet Week with 0 Comments

Selected short messages and links you might have missed if you don’t follow me on Twitter.

500K Unmask Parasites milestone, security tools, patches, malware attacks, etc. … »»

Tags: gumblar IE milestone StopBadware unb0rn

Tweet Week: Jan 18-24, 2010

24 Jan 10 Filed in Tweet Week with 0 Comments

Selected short messages and links you might have missed if you don’t follow me on Twitter.

IE patch, updates on attacks, Google quiz, Firefox 3.6, UP testimonials »»

Tags: bety.php Firefox IE LGPL milestone Sinowal SSL

Tweet Week: Jan 11-17, 2010

17 Jan 10 Filed in Tweet Week with 0 Comments

Selected short messages and links you might have missed if you don’t follow me on Twitter.

Security updates, botnets, Unmask Parasites »»

Tags: adobe botnet Flash LGPL milestone

Tweet Week: Nov 9-15, 2009

15 Nov 09 Filed in Tweet Week with 0 Comments

Selected short messages and links you might have missed if you don’t follow me on Twitter.

WordPress, Twitter, passwords, gumblar … »»

Tags: gumblar milestone password twitter WordPress

Tweet Week: Oct 26 – Nov 1, 2009

01 Nov 09 Filed in Tweet Week with 0 Comments

Selected short messages and links you might have missed if you don’t follow me on Twitter.

Oct 26, 2009

[link:Sophos blog] New type of hidden malicious iframes

Oct 28, 2009

[milestone] 50 blog posts on http://blog.UnmaskParasites.com (in less than a year)

Security updates are available for Firefox 3/3.5 and Opera 10. Make sure to update your browser ASAP

Oct 30, 2009

I published a “beta” of my Practical Guide to Dealing With Google’s Malware Warnings – need your feedback. Thanks

[link:ottodestruct.com] How to find a backdoor in a hacked WordPress – great article

Oliver Fisher (Google Anti-Malware) on Google’s automates malware scanners and warnings

If you want more real-time experience, you can follow @unmaskparasites on Twitter.

Similar posts:

Previous Tweet Weeks

Tags: backdoor iframe milestone WordPress

Tweet Week: Sept 28-Oct 4, 2009

04 Oct 09 Filed in Tweet Week with 3 Comments

Selected short messages and links you might have missed if you don’t follow me on Twitter.

Oct 1, 2009

My blog reader Robert asks if suPHP can prevent Beladen/Goscanpark-type exploits. What do you think?

[milestone] 50,000 suspicious pages detected by Unmask Parasites.

Oct 2, 2009

TheRegister writes about my research on cloaked spam pages on hacked high-profiles sites.

Millions of hacked ASP web pages (looks like SQL-injection)

If you want more real-time experience, you can follow @unmaskparasites on Twitter.

Tags: ASP milestone SQL-injection suPHP

Tweet Week: July 19-25, 2010

Tweet Week: May 31 – June 6, 2010

NewGeoCheck.js and Malicious AddThiss .net Iframe

Tweet Week: May 3-9, 2010

Tweet Week: March 15-21, 2010

Tweet Week: Jan 18-24, 2010

Tweet Week: Jan 11-17, 2010

Tweet Week: Nov 9-15, 2009

Tweet Week: Oct 26 – Nov 1, 2009

Tweet Week: Sept 28-Oct 4, 2009

About this blog

Recent Posts

Categories

Recent Comments