msgbartop
Unmask Parasites - Check your web pages for hidden links, iframes, malicious scripts, unauthorized redirects and other signs of security problems.
msgbarbottom
Loading site search ...

Following the Black Hat SEO Traces

14 Aug 11   Filed in Tips and Tricks, Website exploits with 6 Comments

This is a follow up to my last week’s post about hacked WordPress blogs and poisoned Google Images search results. Cyber-criminals infiltrated 4,000+ self-hosted WP blogs and created doorway pages that would redirect visitors coming from Google Images search to scareware sites. A few days ago I posted a short update to let you know that Google has removed the doorway pages from its index. I also promised to share some new interesting details about that black hat SEO campaign. So here we go!
Continue »»

Two Tweet Weeks: July 25 – August 7, 2011

08 Aug 11   Filed in Tweet Week with Comments Off

Selected short messages and links you might have missed if you don’t follow me on Twitter.

Crisis in Fake AV industry, story about incompetent security auditor, zero-day in WordPress themes, osCommerce hack, and many more »»

Hacked WordPress Blogs Poison Google Images

05 Aug 11   Filed in Website exploits with 12 Comments

After a series of posts about Google Image poisoning campaigns that used hot-linked images a main trick to get top positions in search results, I’d like to describe a different Google Image poisoning attack that affects WordPress blogs and uses self-hosted images.
Continue »»

Tweet Week: June 27 – July 3, 2011

04 Jul 11   Filed in Tweet Week with Comments Off

Selected short messages and links you might have missed if you don’t follow me on Twitter.

banned CO.CC and CO.BE sites, WordPress 3.2 new sys requirements, 1000 tweets, Unmask Parasites turns 3 years old »»

Two Tweet Weeks: May 30 – June 12, 2011

13 Jun 11   Filed in Tweet Week with Comments Off

Selected short messages and links you might have missed if you don’t follow me on Twitter.

SEO poisoning, Mac FakeAV vs PC FakeAV, the state of badware report, Readable SafeBrowsing addon …

Thousands of Hacked Sites Seriously Poison Google Image Search Results

05 May 11   Filed in Website exploits with 47 Comments

This investigation began a few weeks ago, when I came across the following two threads in website security forums:

[badwarebusters.org] Lately I have been seeing a huge increase in the number of hacked sites appearing on google image search results that redirect to a fake Av scanner. more »»

[Google Webmaster Help] google image search results often has multiple infected / malware sites on the first SERP page. more »»

This is a well known problem. I blogged about such SEO poisoning attacks several times here. This time I decided to check what’s behind the reported increase in malicious image search results.
Continue »»

Two Tweet Weeks: April 18 – May1, 2011

02 May 11   Filed in Tweet Week with Comments Off

Selected short messages and links you might have missed if you don’t follow me on Twitter.

new MS anti-virus, security updates, #RoyalWedding search results poisoning …

Tweet Week: March 21-27, 2011

28 Mar 11   Filed in Tweet Week with Comments Off

Selected short messages and links you might have missed if you don’t follow me on Twitter.

Firefox 4, Google search results, scareware, attack story …

Major Disasters in Poisoned Search Results

14 Mar 11   Filed in Website exploits with 4 Comments

Only a few hours after the Friday’s 8.9 earthquake and the consequent tsunami hit Japan, security researchers noticed many poisoned Google search results for this news related searches that redirected web surfers to fake antivirus sites.

This situation nothing new. We’ve seen similarly poisoned search results for Haitian earthquake a year ago, for the recent New Zealand’s earthquake, for last year’s floods in Pakistan, etc.

Many people use search engines to find details about breaking news such as natural disasters, catastrophes, accidents, etc. Such hardly predictable events, have literally zero relevant results before they happen, so during the first few hours after the event almost any site with relevant information have good chances to rank high on Google. This short window when competition is quite light is all cyber-criminal need to have a steady traffic to their breaking new related doorway pages. Then, when every news site and blog add their 2 cents and there are plenty resources about those hot topics, only most reputable and most relevant web pages make it to the top of search results.

I decided to check the poisoned search results and here’s what I found:
Continue »»

Hackers Abuse Servage Hosting to Poison Google Image Search

28 Apr 10   Filed in Website exploits with 5 Comments

Two weeks ago I blogged about serious security problems of Network Solutions‘ shared hosting service. This time I’ll turn to another big shared hosting provider – Servage.

It’s not the first time I write about Servage. Actually this will be the 4th article in the series about rogue blogs on Servage network. It all started in November when I wrote about malicious blogs created in subdirectories of legitimate websites. The blogs poisoned Google search results for millions of relatively unpopular keywords (the long tail) redirecting visitors to scareware websites. In the second article, I showed the history of those rogue blogs (the first generation have dates in April of 2009) and how most of them (90%+) were found on Servage network. In the third article, I wrote about the internals of those rogue blogs and their malicious features.

A few days ago I found a new generation of rogue blogs on Servage network.
Here are the details …