Unmask Parasites - Check your web pages for hidden links, iframes, malicious scripts, unauthorized redirects and other signs of security problems.

Working With the Darkleech Bitly Data

10 Feb 14   Filed in General with 0 Comments

Data Driven Security took the time to analyze the raw data that I published in my recent post on the Sucuri blog about how I used Bitly data to understand the scale of the Darkleech infection.

In their article, they have a few questions about data formats, the meaning of certain fields and some inconsistencies, so I’ll try to answer their questions here and explain how I worked with the data.
Continue »»

Happy 2nd Birthday, Unmask Parasites!

01 Jul 10   Filed in Unmask Parasites with 4 Comments

Unmask Parasites turns two years old today!

A year ago I posted some statistics. Let’s compare the first two years.
Continue »»

Bety.php Hack. Part 2. Black Hats in Action.

26 Jan 10   Filed in Website exploits with 3 Comments

This is the second article about the hacker attack against osCommerce-powered sites. In the first part, you can find the description of the attack along with detection and clean-up instructions. Now I want to show you what exactly hackers did and how they managed to poison Google search results.

The main goal is to demystify hackers and encourage webmasters to explore their own sites. The more you know about hackers, the better you’ll be at protecting your site against their attacks.

This post is based on the files and access logs of three compromised sites that I received from a webmaster who contacted me a couple of weeks ago.

Quick facts

  1. The attack uses an unpatched vulnerability in osCommerce 2.2 that allows an attacker to upload arbitrary files to compromised servers using a security hole in file_manager.php.
  2. Only one of the three sites actually uses osCommerce (site-1). The other two sites had been hacked using access gained via the hacked site-1.

Chronicle of the attack »»

Unmask Parasites. A Year of Blogging.

02 Dec 09   Filed in General with 4 Comments

A year ago, on December 1, 2008, I published my first post on this blog. Its title was “Let’s Unmask Parasites”.

Working on the Unmask Parasites service, I could easily spot prevalent threats and trends in malware attacks. I used this information to help webmasters of hacked sites on various security-related forums and newsgroups. However, the forum format assumes that you answer similar questions again and again, which is very inefficient. That’s why I decided to publish information about prevalent website security problems here. This way I could write detailed information once and then just link to my articles in my forum answers.

Continue »» (Round-up of what happened to this blog this year. Stats and facts.)

Happy Birthday Unmask Parasites!

01 Jul 09   Filed in Unmask Parasites with 4 Comments

Exactly one year ago I purchased the UnmaskParasites.com domain name and made the first early beta version of my new service available for public testing.

One year later Unmask Parasites is still in beta but now it’s a much more mature service that has proven its viability.

Many interesting things happened during this year. I’m not a good enough writer to make it interesting reading, so I’ll only list some milestones, facts and statistics here.
Continue »»