The other day I received an email from a webmaster whose site was blacklisted by Google. In Webmaster Tools, he found the following example of malicious code detected on his site (domain changed):
<img src="http://example .net/images/logos/rssicon.png" />
So why did Google think this image tag was malicious? Can images be malicious? After all, they are not scripts, iframes or embedded executable objects that hackers use to attack web surfers.
Selected short messages and links you might have missed if you don’t follow me on Twitter.
new MS anti-virus, security updates, #RoyalWedding search results poisoning …
Only a few hours after Friday's 8.9 earthquake and the consequent tsunami hit Japan, security researchers noticed many poisoned Google search results for searches related to this news that redirected web surfers to fake antivirus sites.
This situation is nothing new. We've seen similarly poisoned search results for the Haitian earthquake a year ago, for the recent New Zealand earthquake, for last year's floods in Pakistan, etc.
Many people use search engines to find details about breaking news such as natural disasters, catastrophes, accidents, etc. Such hardly predictable events have literally zero relevant results before they happen, so during the first few hours after the event almost any site with relevant information has a good chance to rank high on Google. This short window when competition is quite light is all cyber-criminals need to get steady traffic to their breaking-news-related doorway pages. Then, when every news site and blog adds its 2 cents and there are plenty of resources about those hot topics, only the most reputable and most relevant web pages make it to the top of search results.
I decided to check the poisoned search results and here’s what I found:
Selected short messages and links you might have missed if you don’t follow me on Twitter.
Malware info in Webmaster Tools, StopBadware Stories, links from Matt Cutts and Brian Krebs, etc.
Selected short messages and links you might have missed if you don’t follow me on Twitter.
mass WP hack on Network Solutions, virtualization, Google Webmaster Tools, etc …
Selected short messages and links you might have missed if you don’t follow me on Twitter.
security patches, SpyEye vs. Zeus, Black-hat SEO, Google vs phishing …
Selected short messages and links you might have missed if you don’t follow me on Twitter.
Google notifications, security patches, malicious PHP code …
This is the second article about the hacker attack against osCommerce-powered sites. In the first part, you can find the description of the attack along with detection and clean-up instructions. Now I want to show you what exactly hackers did and how they managed to poison Google search results.
The main goal is to demystify hackers and encourage webmasters to explore their own sites. The more you know about hackers, the better you’ll be at protecting your site against their attacks.
This post is based on the files and access logs of three compromised sites that I received from a webmaster who contacted me a couple of weeks ago.