Selected Tweets (Oct-Nov 2011)
Selected short messages and links you might have missed if you don’t follow me on Twitter.
It has been a while since the last Tweet Week. The main reason is I don’t tweet that often now to post my tweets every week and I don’t want to post old news here either.
So what happened? The answer is I can’t get used to Twitter web interface – it is so inconvenient. I had to use it when I had some strange problems with my Twitter client (twhirl). Thank’s god, I’ve finally made my twhirl work so I hope I will be able to tweet more often.
Anyway, here are some of the latest tweets.
Continue »»
/tmp/wp_inc or Not Your Typical WordPress Attack
This post will provide a very detailed and rather technical description of the latest massive WordPress hack. I find it interesting in many ways. Mainly because it’s so atypical.
If you don’t have time to read the whole article, you can head directly to the short description of the attack and then to the Summary section where I talk about what’s new, strange and uncommon in this attack. Or if you are a webmaster of a hacked blog, go to the “To Webmasters” section – it will help you resolve the problem.
Continue »»
Tweet Week: August 22-28, 2011
Selected short messages and links you might have missed if you don’t follow me on Twitter.
TimThumb attacks, We Stop Badware Host program, blog scrapers, Apache DOS and workaround »»
Hackers target unpatched WooFramework
When Michael VanDeMar mentioned the malicious “googlesafebrowsing .com” domain, I decided to check how exactly it was used in malware attacks. It’s quite a popular trick to mimic Google’s own domains to make malicious code look legitimate. I have a “collection” of several dozens on misspelled Google Analytics domains alone that were used for malware distribution. In this case, the domain name was made up rather than misspelled. It referres to Google’s Safe Browsing project and their diagnostic pages that actually use the google.com domain (as most other Google’s services).
Continue »»
Two Tweet Weeks: August 8-21, 2011
Selected short messages and links you might have missed if you don’t follow me on Twitter.
Following the Black Hat SEO Traces
This is a follow up to my last week’s post about hacked WordPress blogs and poisoned Google Images search results. Cyber-criminals infiltrated 4,000+ self-hosted WP blogs and created doorway pages that would redirect visitors coming from Google Images search to scareware sites. A few days ago I posted a short update to let you know that Google has removed the doorway pages from its index. I also promised to share some new interesting details about that black hat SEO campaign. So here we go!
Continue »»
Two Tweet Weeks: July 25 – August 7, 2011
Selected short messages and links you might have missed if you don’t follow me on Twitter.
Hacked WordPress Blogs Poison Google Images
After a series of posts about Google Image poisoning campaigns that used hot-linked images a main trick to get top positions in search results, I’d like to describe a different Google Image poisoning attack that affects WordPress blogs and uses self-hosted images.
Continue »»
Tweet Week: July 18-24, 2011
Selected short messages and links you might have missed if you don’t follow me on Twitter.
Google’s warning, G.CO, Python in WordPress!?, Joomla 1.7, follow up on the tattoo spam »»
Tweet Week: July 11-17, 2011
Selected short messages and links you might have missed if you don’t follow me on Twitter.
Yahoo without Site Explorer, Google without CO.TV, new WordPress, PuTTY »»
About this blog
Occasional posts from the developer of
Unmask Parasites about things that hackers already know and site owners should know (if they don't want to be victims).
Exploit reviews, security tips, and all that jazz.
