Unmask Parasites - Check your web pages for hidden links, iframes, malicious scripts, unauthorized redirects and other signs of security problems.

Two Tweet Weeks: October 4 – October 17, 2010

18 Oct 10   Filed in Tweet Week with Comments Off

Selected short messages and links you might have missed if you don’t follow me on Twitter.

BLADE vs drive-by infections, passwords in browsers, Adobe massive update, more alerts for network admins »»

Tweet Week: September 27 – October 3, 2010

04 Oct 10   Filed in Tweet Week with Comments Off

Selected short messages and links you might have missed if you don’t follow me on Twitter.

New WP hosting, ASP.Net patch, Safe Browsing for network admins, what’s riskier than porn … »»

Tweet Week: April 5-11, 2010

11 Apr 10   Filed in Tweet Week with 1 Comment

Selected short messages and links you might have missed if you don’t follow me on Twitter.

mass WP hack on Network Solutions, virtualization, Google Webmaster Tools, etc … »»

Tweet Week: March 29 – April 4, 2010

04 Apr 10   Filed in Tweet Week with Comments Off

Selected short messages and links you might have missed if you don’t follow me on Twitter.

security patches, SpyEye vs. Zeus, Black-hat SEO, Google vs phishing … »»

Web of Koobface

27 Feb 10   Filed in Website exploits with 5 Comments

This research was provoked by the following blog post by Joshua Long, where he lists domain names used by Koobface. Generally, I focus on website hacks and don’t research malware distributed via email spam and social networks (Koobface is an anagram of Facebook). However, that list showed me how legitimate hacked sites were integrated into the Koobface scheme, and I decided to try to investigate how the whole thing worked.

Joshua’s list was a good starting point. I saw multiple rogue blogspot blogs that followed the same pattern and multiple compromised sites that those blogs redirected to. For some reason, most of the functionality of the malicious pages on the hacked sites is implemented as client-side JavaScript, so I could easily retrieve and analyze those scripts. They provided me with very interesting details about the internals of the attack: the sites it expected as referrers and its usage of infected PCs. As a result, I came up with the following scheme:
Koobface attack flow and other details »»

Google Analytics is an Intermediary in Malware Distribution

26 Mar 09   Filed in General with 2 Comments

Just checked one site that Google lists as suspicious. And here is what I discovered on the Safe Browsing diagnostic page:

google-analytics.com is listed as intermediary

Continue »»

New Version of Unmask Parasites Released

27 Jan 09   Filed in Unmask Parasites with Comments Off

Happy Chinese New Year!

I’ve got a new version of Unmask Parasites. It’s a free online tool that helps site owners reveal hidden security problems. Hope you will like it.

Safe Browsing Integration.

The major new feature is the integration with Google’s Safe Browsing project. Now examined links and all referenced domains are checked against Google’s blacklist. It’s the same list that Firefox 3, Safari and Google Chrome use.

The results will clearly indicate whether a page links to suspicious sites (bad neighborhoods) or generates security warnings in Google’s search results and in popular modern web browsers. Continue »»