.htaccess redirections to software-boss.ru and programmengineering.ru
Just an update to the .htaccess redirections attacks that we have been tracking for the last few days (most of them to .ru domains). Those are some of the domains being used right now:...
View ArticleMore spam (via .htaccess) to search-box.in and malware from savebotstat.com
Very interesting .htaccess redirection to send traffic from Google and Yahoo image search to search-box.in. That’s what gets added to the hacked site: AddHandler application/x-httpd-php .html .htm...
View ArticleosCommerce compromises – Now from tiasissi.com.br
We have been blogging about the “willysy” malware for a little while, but the attacks against osCommerce are still happening and very active. The latest change is that the “willysy.com” (or exero.eu)...
View ArticleMalware update – Timthumb.php and .htaccess redirection
We have been very busy in our blog explaining about the latest TimThumb.php vulnerability and the affect it is having on WordPress web sites. If you missed the articles, please check here:...
View ArticleMalware updates: Aug 2011 – .htaccess to .ru and osa.pl, iframes to .cc and .il
We are often asked what were the top domains distributing malware or what threats we see more often on our security scanner. For the month of August, things were very similar to the previous ones,...
View ArticleNew Malware – sweepstakesandcontestsnow.com
We are seeing many WordPress sites on shared hosts (GoDaddy, Bluehost, Dreamhost and a few others) compromised with a malware from sweepstakesandcontestsnow.com. This is what is gets added to the...
View ArticleSQL injections: nbnjkl.com/urchin.js and jjghui.com/urchin.js
We are seeing many sites compromised with malware from jjghui.com/urchin.js (and now nbnjkl.com/urchin.js). Most of them are IIS/ASP sites and the infection method seems to be similar to the Lizamoon...
View ArticleNew .htaccess attacks
Seeing some interesting modifications to the old style of .htaccess attacks. The attackers are using a lot of referer domains and using .in domains (along with the .ru). This is an example of the...
View ArticleNew Malware – Eval + GetMama + Encoded Javascript
We are seeing many WordPress sites on shared hosts getting compromised with an encoded javascript malware. It has multiple levels of obfuscation and that’s how it starts: 1- ALL PHP files with an...
View ArticleHow to stop the hacker
How to stop the hacker? This is a very common question we get daily. “My site got hacked, how can I stop the hacker from attacking me again?” Stopping the hacker You can’t really stop the hacker from...
View Article
