msgbartop
Unmask Parasites - Check your web pages for hidden links, iframes, malicious scripts, unauthorized redirects and other signs of security problems.
msgbarbottom
Loading site search ...

Two Tweet Weeks: January 3 – January 16, 2011

18 Jan 11   Filed in Tweet Week with Comments Off

Selected short messages and links you might have missed if you don’t follow me on Twitter.

Black-hat SEO campaigns, PDF dangers, etc.. »»

Tweet Week: June 27 – July 4, 2010

04 Jul 10   Filed in Tweet Week with 1 Comment

Selected short messages and links you might have missed if you don’t follow me on Twitter.

Safer PDF viewing, Gumblar zombies, Asprox, WayBack Machine and more… »»

Tweet Week: April 5-11, 2010

11 Apr 10   Filed in Tweet Week with 1 Comment

Selected short messages and links you might have missed if you don’t follow me on Twitter.

mass WP hack on Network Solutions, virtualization, Google Webmaster Tools, etc … »»

Tweet Week: Dec 14-20, 2009

20 Dec 09   Filed in Tweet Week with 1 Comment

Selected short messages and links you might have missed if you don’t follow me on Twitter.

Updates: WP 2.9 and FF 3.5.6, Adobe vulnerability, scareware and $150m, plus an insightful discussion »»

Tweet Week: Nov 16-22, 2009

24 Nov 09   Filed in Tweet Week with Comments Off

Selected short messages and links you might have missed if you don’t follow me on Twitter.

PDF exploit, threats, Google Webmaster Tools … »»

Revenge of Gumblar Zombies

23 Oct 09   Filed in Website exploits with 50 Comments

Do you remember Gumblar? The massive hacker attack that managed to infect more than a hundred thousand legitimate web sites in a very short time this May? The infection was relatively easy to detect but very hard to completely get rid of. It infected various types of files and created backdoor scripts in inconspicuous places of websites so that hackers could easily restore the malicious content.

The gumblar .cn site (and its immediate successor martuz .cn) had been promptly shut down. As a result,the malicious script injected into hacked websites became harmless for site visitors. However, many webmasters failed to properly clean up their sites after the Gumblar infection, leaving the backdoor scripts intact. It was predicted that hackers would find the way to utilize this army of potentially controllable websites. Now, five months later, we see a new surge of a massive attack that resembles Gumblar in many aspects.
Continue »»

Ncccnnnc .cn – Warning: Not Opera Only

15 Oct 09   Filed in Website exploits with 11 Comments

This is just a quick post to let you know about a new type of server-wide script-injection attack I’ve just discovered.

I found this post on a phpBB forum and decided to check the infected site with Unmask Parasites. The tool reported a suspicious script:
Continue »»

Malicious “Income” IFrames from .CN Domains

15 Apr 09   Filed in Website exploits with 78 Comments

New week, new leader. I mean various hidden iframes from .cn domains injected at the bottom of home pages.

The html code looks like this

<iframe src="http: //lotmachinesguide .cn/ in.cgi?income56" width=1 height=1 style="visibility: hidden"></iframe>

The domain names may vary but they always end with .cn. The domain names usually contain words lot and bet. They all reside on the same server with the IP address 94 .247 .3 .150.  The iframes load pages with paths similar to  “in.cgi?incomeNN”, where NN is some arbitrary number.
Continue »»