msgbartop
Unmask Parasites - Check your web pages for hidden links, iframes, malicious scripts, unauthorized redirects and other signs of security problems.
msgbarbottom
Loading site search ...

Tweet Week: Jan 4-10, 2010

10 Jan 10   Filed in Tweet Week with Comments Off

Selected short messages and links you might have missed if you don’t follow me on Twitter.

Adobe Reader updates, Adv. WordPress Security, LGPL malscripts »»

Tweet Week: Dec 28, 2009 – Jan 3, 2010

03 Jan 10   Filed in Tweet Week with Comments Off

Selected short messages and links you might have missed if you don’t follow me on Twitter.

Dec 28, 2009

LeaseWeb seems to have removed malicious servers from its network after my blog post about the “GNU GPL” scripts. (OVH still hosts hackers)

Dec 30, 2009

Good Guys Bring Down the Mega-D Botnet – respect @FireEye !

Jan 2, 2010

Microsoft confirms IIS hole

If you want more real-time experience, you can follow @UnmaskParasites on Twitter.

Related posts:

Evict Hackers

30 Dec 09   Filed in General with 1 Comment

Last week, I wrote about the latest mutation of the website hack that has been active (mostly in form of iframe injection) throughout this year. I mentioned that for some reason all malicious domain names had been mapped to IP addresses on LeaseWeb and OVH networks. Moreover, LeaseWeb hosted a central site mdvhost .com (hidden behind reverse-proxies) for at least 3 months.
LeaseWeb reaction »»

From Hidden Iframes to Obfuscated Scripts

23 Dec 09   Filed in Website exploits with 52 Comments

In December, I noticed that ubiquitous hidden iframes that have been the prevailing site hack this year seemed to have gone. Unmask Parasites finds them on very few sites now. And even on infected sites, I see only old domains, while this attack is known for introducing at least one new domain every day and for frequently updating the iframe code on infected sites.

At the same time I noticed a new type of obfuscated scripts injected into hacked websites. And I believe it’s a new incarnation of the same attack that previously injected hidden iframes.
Here’s the story »»