HackDig : Dig high-quality web security articles for hacker

Website Malware – The SWF iFrame Injector Evolves

Last year, we released a post about a malware injector found in an Adobe Flash (.SWF) file. In that post, we showed how a .SWF file is used to inject an invisible, malicious iFrame. It appears that the author of that Flash malware continued with this method of infection. Now we are seeing more varieties infecting both WordPress and Joomla websites. Though it
Publish At:2015-04-02 21:25 | Read:2802 | Comments:0 | Tags:Joomla! Security Website Malware Website Security WordPress

Website Malware – The SWF iFrame Injector Evolves

Last year, we released a post about a malware injector found in an Adobe Flash (.SWF) file. In that post, we showed how a .SWF file is used to inject an invisible, malicious iFrame. It appears that the author of that Flash malware continued with this method of infection. Now we are seeing more varieties infecting both WordPress and Joomla websites. Though it
Publish At:2015-04-02 15:10 | Read:2952 | Comments:0 | Tags:Joomla! Security Website Malware Website Security WordPress

WordPress Malware Causes Pseudo-Darkleech Infection

Darkleech is a nasty malware infection that infects web servers at the root level. It uses malicious Apache modules to add hidden iFrames to certain responses. It’s difficult to detect because the malware is only active when both server and site admins are not logged in, and the iFrame is only injected once a day (or o
Publish At:2015-03-26 13:15 | Read:2359 | Comments:0 | Tags:Joomla! Security Webserver Infections Website Malware Websit

Inverted WordPress Trojan

Trojan (or trojan horse) is software that does (or pretends to be doing) something useful but also contains a secret malicious payload that inconspicuously does something bad. In WordPress, typical trojans are plugins and themes (usually pirated) which may have backdoors, or send out spam, create doorways, inject hidden links or malware. The trojan model is
Publish At:2015-03-11 20:45 | Read:5959 | Comments:0 | Tags:Website Malware WordPress Security

Why A Free Obfuscator Is Not Always Free.

We all love our code but some of us love it so much that we don’t want anyone else to read or understand it. When you think about it, that’s understandable – hours and hours of hard dev work, days of testing and weeks (months?, years?) of fixing bugs and after all of this, someone steals, changes or modifies your hard work. To address these concerns,
Publish At:2015-03-05 14:20 | Read:2085 | Comments:0 | Tags:Website Malware Website Security cleanup decoding forensics

Analyzing Malicious Redirects in the IP.Board CMS

Although the majority of our posts describe WordPress and Joomla attacks (no wonder, given their market-share), there are still attacks that target smaller CMS’s and we help clean all kinds of sites. This post will be about conditional redirects in IP.Board forums (currently #27 with 0.3% of the CMS market). Conditional redirects The symptoms of the problem
Publish At:2015-02-10 14:15 | Read:3817 | Comments:0 | Tags:Website Malware Website Security conditional File Infections

Bogus Mobile-Shortcuts WordPress Plugin Injects SEO Spam

Here at Sucuri we see countless cases of SEO spam where a website is compromised in order to spread pharmaceutical advertisements or backlinks to sites selling luxury goods. Most of the time this involves injecting hundreds of spam links into the site’s database but in this case a deceptive, fake plugin called mobile-shortcuts was able to be a bit more
Publish At:2015-01-30 15:50 | Read:2467 | Comments:0 | Tags:Website Malware Website Security Website Spam WordPress Secu

Websites Compromised with CloudFrond Injection

If you haven’t already noticed, we spent a good deal of time scraping the bottom of the interweb barrel, it’s dirty work, but someone has to do it. I’m not going to lie though, to us it’s fascinating digging up little nuggets daily, understanding how attackers think and uncovering the latest trends. Besides, it gives us countless oppo
Publish At:2015-01-07 20:45 | Read:3442 | Comments:0 | Tags:Website Infection[s] Website Malware Cloud

SoakSoak: Payload Analysis – Evolution of Compromised Sites – IE 11

Thousands of WordPress sites have been hit by the SoakSoak attack lately. At this moment we know quite a lot about it; it uses the RevSlider vulnerability as a point of penetration, then uploads a backdoor and infects all websites that share the same server account. This means websites that don’t use the RevSlider plugin can be infected too. The visito
Publish At:2014-12-16 18:10 | Read:2513 | Comments:0 | Tags:Website Infection[s] Website Malware Website Security WordPr

SoakSoak: Payload Analysis – Evolution of Compromised Sites – IE 11

Thousands of WordPress sites have been hit by the SoakSoak attack lately. At this moment we know quite a lot about it. It uses the RevSlider vulnerability as a point of penetration. Then it uploads a backdoor and infects all websites that share the same server account (so sites that don’t use the RevSlider plugin can be infected too). The site visitors faci
Publish At:2014-12-16 10:55 | Read:3771 | Comments:0 | Tags:Website Infection[s] Website Malware Website Security WordPr

SoakSoak Malware Compromises 100,000+ WordPress Websites

This Sunday has started with a bang. Google has blacklisted over 11,000 domains with this latest malware campaign from SoakSoak.ru. Our analysis is showing impacts in the order of 100’s of thousands of WordPress-specific websites. We cannot confirm the exact vector, but preliminary analysis is showing correlation
Publish At:2014-12-14 18:25 | Read:3186 | Comments:0 | Tags:Website Malware

Website Malware Removal: Phishing

As we continue on our Malware Removal series we turn our attention to the increasing threat of Phishing infections. Just like a fisherman casts and reels with his fishing rod, a “phisher-man” will try their luck baiting users with fake pages, often in the form of login pages. These copied website pages are cast into infected websites with the ho
Publish At:2014-11-21 16:35 | Read:2792 | Comments:0 | Tags:Learn Website Malware Website Security phishing prevention v

RSS Reveals Malware Injections

There are multiple different ways to detect invisible malware on a website: You can scrutinize the HTML code of web pages. Use external scanners like SiteCheck or UnmaskParasites. Get alerts from anti-viruses or search engines (both in search results and via their Webmaster Tools). Try to open web pages with different User-Agents and check f
Publish At:2014-11-19 10:35 | Read:3526 | Comments:0 | Tags:Website Infection[s] Website Malware Website Security rss se

The Art of Website Malware Removal – The Basics

When talking about defense against malicious hacks, the attack vector is a common topic for Information Security (InfoSec) professionals. The primary concern is to understand the anatomy of the attack and prevent it from happening again. However, there is a less glamorous task that must take place once an attack vector is exploited; that is malware removal
Publish At:2014-11-14 16:20 | Read:3306 | Comments:0 | Tags:Learn Website Malware Website Security backdoor drive-by-dow

The Art of Website Malware Removal – The Basics

When talking about defense against malicious hacks, the attack vector is a common topic for Information Security (InfoSec) professionals. The primary concern is to understand the anatomy of the attack and prevent it from happening again. However, there is a less glamorous task that must take place once an attack vector is exploited; that is malware removal
Publish At:2014-11-14 09:05 | Read:2797 | Comments:0 | Tags:Learn Website Malware Website Security backdoor drive-by-dow
