Tag Archives: infected website

riotassistance.ru infections

We’ve been seeing more website infections with a malscript that looks like: (opening script tag) src=”hxxp:// riotassistance.ru /Website.js”>(closing script tag) Note: We’ve also seen this same thing but with nuttypiano replacing riotassistance. Sometimes the last part: Website.js is something else: … Continue reading

Posted in Uncategorized | 2 Comments

toobarcom, mybar, adsnet infections

Over the past week or so, we’ve been fighting a new website infection. At first, it appeared to be infecting just one hosting provider, but as we investigated further, we found it was affecting websites on many hosting providers. I’m … Continue reading

Posted in Uncategorized | Leave a comment

Vancouvererrorsonfile infection

Over the past few days we’ve cleaned 312 infected websites all with the script: (spaces added so it doesn’t set an alarm with your anti-virus program). As of right now the following sites don’t recognize vancouvererrorsonfile.com as being malicious: Google … Continue reading

Posted in Uncategorized | Leave a comment

Nutcountry.ru and Parkperson.ru iframes

Over the past week we’ve been seeing a lot of infected websites that have an iframe that contains one of these two URLs: nutcountry.ru:8080/index.php parkperson.ru:8080/index.php A little searching found that approximately 25,000 web pages have the nutcountry.ru:8080/index.php iframe and another … Continue reading

Posted in Uncategorized | 1 Comment

Attack of mailcheck.php and chat.pl

This attack isn’t anything new, it was used on a number of Italian sites in March 2010, but we’ve been seeing more of it infecting websites recently so I thought I’d elaborate. Quite often when scanning or cleaning infected websites, … Continue reading

Posted in Uncategorized | Leave a comment

Another Round of Beladen? Or, The New "Go" Infection

On Wednesday July 22, 2009 we started seeing what looks to be a new round of beladen style website infections by cybercriminals. The reason we think they’re beladen style is that they appear to infect all the websites on shared … Continue reading

Posted in Uncategorized | 14 Comments

A New Spin on martuz Website Infection

We were tasked with helping a website owner find all the malscripts on his site and remove them. He, like many, learned that his site was an infectious website delivering malicious code with an email from Google. This website owner … Continue reading

Posted in Uncategorized | 6 Comments

What Conficker was – and wasn't

Well, the big April 1st “dooms day” has come and gone. I’ll admit that even though we really didn’t think anything malicious was going to happen, we did add a Conficker scanner to The Box (our security appliance at www.ebasedsecurity.com) … Continue reading

Posted in Current Event Attacks | Leave a comment

Social Networks & Social Engineering – Twitter Round 2

Continuing on from Round 1, I decided to take a step further and show you exactly how susceptible you are to a socially engineered infection through Twitter. Actually it’s more an attack through TinyURL.com, but since Twitter automatically converts URLs … Continue reading

Posted in Social Networks | Leave a comment

Social Networks & Social Engineering – Twitter Round 1

My first review will be Twitter. I selected Twitter because it’s widely used and even easier for social engineering than some of the others. First a little background on Twitter. Many people categorize Twitter as a “micro” blog. This means … Continue reading

Posted in Social Networks | Leave a comment