Tag Archives: malscript
riotassistance.ru infections
We’ve been seeing more website infections with a malscript that looks like: (opening script tag) src=”hxxp:// riotassistance.ru /Website.js”>(closing script tag) Note: We’ve also seen this same thing but with nuttypiano replacing riotassistance. Sometimes the last part: Website.js is something else: … Continue reading
osCommerce v2.2 Website Infections
During the past 10 days we started seeing a number of websites using osCommerce v2.2 being infected. The infection usually included some randomly named folder with a list of files in them. Some of the folder names we’ve seen include: … Continue reading
Tagged infected, infection, malscript, nt002.cn, nt02.co.in, oscommerce, v2.2
Hackers now "touch" all files
This is going to be a short post. While working on cleaning a number of websites this past week, I’ve noticed something very different. One of the steps we take when cleaning a website is to record the last modified … Continue reading
The "onload if this" website infection
Of course the title of this post is only part of the infection. The typical type of infection I’m going to discuss first looks more like this: The domain this iframe directs to and the long string of characters (kzjev…) before … Continue reading
The new Attack – d0lphin.biz
We recently came across a number of websites that have been injected with malscript iframes that load malware from d0lphin.biz. Following is our report on this attack. Cybercriminals appear to be using their network of infected PCs to modify … Continue reading
Another Round of Beladen? Or, The New "Go" Infection
On Wednesday July 22, 2009 we started seeing what looks to be a new round of beladen style website infections by cybercriminals. The reason we think they’re beladen style is that they appear to infect all the websites on shared … Continue reading
Tagged anti-virus, beladen, cybercriminal, daobrains.info, deobfuscate, evading detection, globalsecurityscans.com, goscansome.com, goscansoon.com, goslimscan.com, gumblar, hacker, hackers, hosting provider, ina6co.com, infected webpage, infected website, infectious website, legitimate website, malicious code, malscript, malware, martuz, obfuscate, oigmlob, safetyshareonline.com, social engineering, sql injection, this site may harm your computer, trojan, undetectable, ventsol.info
The Blame Game
Major Malware Outbreaks Evade Anti-Virus Protection. A report released on July 14, 2009 states that “Several successive and massive malware outbreaks caused a spike in malware that was undetected by major AV engines.” In Commtouch’s Q2 Report available here, which … Continue reading
Tagged adobe vulnerability, anti-virus, badwarebusters, cybercriminal, evading detection, ftp, gumblar, gumblar.cn, hacker, hackers, hosting provider, iframe, infected webpage, infectious website, infectious websites, malscript, malware, martuz, martuz.cn, SERP, this site may harm your computer, undetectable, website hacked
The Errors of Error Pages
Over the past few months, the number of sites infected with malscripts has increased dramatically. Many of these injection infections are difficult to track. Unbeknownst to many site operators, “error pages” can actually complicate the detection process. This blog posting … Continue reading
A New Spin on martuz Website Infection
We were tasked with helping a website owner find all the malscripts on his site and remove them. He, like many, learned that his site was an infectious website delivering malicious code with an email from Google. This website owner … Continue reading