Unmask Parasites - Check your web pages for hidden links, iframes, malicious scripts, unauthorized redirects and other signs of security problems.

Why Does Google Consider Some Images Malicious?

18 Nov 11   Filed in Tips and Tricks with 2 Comments

The other day I received an email from a webmaster whose site was blacklisted by Google. In Webmaster Tools, he found the following example of malicious code detected on his site (domain changed):

<img src="http://example .net/images/logos/rssicon.png" />

So why did Google think this image tag was malicious? Can images be malicious? After all, they are not scripts, iframes or embedded executable objects that hackers use to attack web surfers.
Continue »»

Two Tweet Weeks: April 18 – May 1, 2011

02 May 11   Filed in Tweet Week with 0 Comments

Selected short messages and links you might have missed if you don’t follow me on Twitter.

new MS anti-virus, security updates, #RoyalWedding search results poisoning …

Major Disasters in Poisoned Search Results

14 Mar 11   Filed in Website exploits with 4 Comments

Only a few hours after Friday’s 8.9 earthquake and the consequent tsunami hit Japan, security researchers noticed many poisoned Google search results for related news searches that redirected web surfers to fake antivirus sites.

This situation is nothing new. We’ve seen similarly poisoned search results for the Haitian earthquake a year ago, for the recent New Zealand earthquake, for last year’s floods in Pakistan, etc.

Many people use search engines to find details about breaking news such as natural disasters, catastrophes, accidents, etc. Such hard-to-predict events have literally zero relevant results before they happen, so during the first few hours after the event almost any site with relevant information has a good chance of ranking high on Google. This short window, when competition is quite light, is all cyber-criminals need to get steady traffic to their breaking-news-related doorway pages. Then, when every news site and blog adds its 2 cents and there are plenty of resources about those hot topics, only the most reputable and most relevant web pages make it to the top of search results.

I decided to check the poisoned search results and here’s what I found:
Continue »»

Tweet Week: September 13-19, 2010

20 Sep 10   Filed in Tweet Week with 1 Comment

Selected short messages and links you might have missed if you don’t follow me on Twitter.

OpenX security holes, incentives behind Google’s Webmaster Tools and malware warning, password reuse … »»

Tweet Week: August 16-22, 2010

23 Aug 10   Filed in Tweet Week with 0 Comments

Selected short messages and links you might have missed if you don’t follow me on Twitter.

ColdFusion vulnerability, compromised NetSol widget, Google warnings in Spanish, site ownership verification using Analytics … »»

Tweet Week: April 19-25, 2010

26 Apr 10   Filed in Tweet Week with 0 Comments

Selected short messages and links you might have missed if you don’t follow me on Twitter.

Malware info in Webmaster Tools, StopBadware Stories, links from Matt Cutts and Brian Krebs, etc. »»

Tweet Week: April 5-11, 2010

11 Apr 10   Filed in Tweet Week with 1 Comment

Selected short messages and links you might have missed if you don’t follow me on Twitter.

mass WP hack on Network Solutions, virtualization, Google Webmaster Tools, etc … »»

Tweet Week: March 29 – April 4, 2010

04 Apr 10   Filed in Tweet Week with 0 Comments

Selected short messages and links you might have missed if you don’t follow me on Twitter.

security patches, SpyEye vs. Zeus, Black-hat SEO, Google vs phishing … »»

Tweet Week: March 1-7, 2010

07 Mar 10   Filed in Tweet Week with 0 Comments

Selected short messages and links you might have missed if you don’t follow me on Twitter.

Google notifications, security patches, malicious PHP code … »»

Bety.php Hack. Part 2. Black Hats in Action.

26 Jan 10   Filed in Website exploits with 3 Comments

This is the second article about the hacker attack against osCommerce-powered sites. In the first part, you can find the description of the attack along with detection and clean-up instructions. Now I want to show you what exactly hackers did and how they managed to poison Google search results.

The main goal is to demystify hackers and encourage webmasters to explore their own sites. The more you know about hackers, the better you’ll be at protecting your site against their attacks.

This post is based on the files and access logs of three compromised sites that I received from a webmaster who contacted me a couple of weeks ago.

Quick facts

  1. The attack uses an unpatched vulnerability in osCommerce 2.2 that allows an attacker to upload arbitrary files to compromised servers using a security hole in file_manager.php.
  2. Only one of the three sites actually uses osCommerce (site-1). The other two sites had been hacked using access gained via the hacked site-1.

Chronicle of the attack »»