msgbartop
Unmask Parasites - Check your web pages for hidden links, iframes, malicious scripts, unauthorized redirects and other signs of security problems.
msgbarbottom
Loading site search ...

Antivirus 360 redirection exploit

19 Dec 08   Filed in Website exploits with 3 Comments
Antivirus 360 exploit

This is a new post in the series about the Antivirus 2009 .htaccess exploit. I want to share some new information on the topic.

Continue »»

Unmasking the Antivirus 2009 .htaccess Exploit.

08 Dec 08   Filed in Website exploits with 16 Comments

In the previous post I described the symptoms of the Antivirus 2009 .htaccess exploit, how to detect it and get rid of it.

This time I’m going to further unmask this exploit and show how it works.

Continue »»

Bogus Antivirus 2009 .htaccess Exploit.

05 Dec 08   Filed in Website exploits with 22 Comments

antivirus 2009 .htacces exploit

Let’s start with the most “popular” exploit of the last week.

I’ve seen dozens of messages all over the web (WordPress forums, BadwareBusters.org, StopBadware discussion group, etc) regarding compromised web sites and why Google blocked them. When I checked them with Unmask Parasites, their reports looked pretty much the same: no title and a chain of four redirects. All those sites were hit by the bogus Antivirus 2009 .htaccess exploit.

Symptoms

  1. Abrupt decrease of search engine traffic. Almost to zero. – always
  2. People complain that when they visit your site, it says their computer is infected with spyware and forces them to install Antivirus 2009, but when you open the site yourself, you don’t see anything suspicious. - if your site visitors care enough to complain
  3. Warnings in google search results that visiting your site may harm a computer. – only if Google has already detected the exploit. This may be a sign of some other exploit as well.
  4. Firefox 3 and Google Chrome browsers wouldn’t let anyone visit your site and warn web surfers that your site is an “attack site”. – only if Google (Firefox uses Google’s base) has already detected the exploit. This may be a sign of some other exploit as well.

Continue »»