Home Testimonials Company Support 1–888–873–0817
PRICING SUPPORT LOGIN
Home Notes Malware Signatures About

Sucuri Research Labs

The home of our Security Operations Group, including our Malware Research and Incident Response teams.

During an incident response investigation, we detected an interesting backdoor that was hidden in a fake image. The attacker was quite creative in creating an attack that would work in two steps.

Read More ...

Phishers usually want to protect their pages from being detected by search engines and security companies. To achieve that, they add .htaccess files that deny access to their phishing directories from known IP addresses and networks. Depending on the scenario, if they are targeting a specific type of service (online banking for instance) attackers may allow only a set of visitors from a specific country to see that phishing page.

Read More ...

In a compromised environment, attackers may inject malicious code into different files, including the core of different CMSs, in order to maintain access to the website and/or obtain sensitive data. Although these issues are very simple to be identified and remediated, not all users constantly monitor their websites for such file integrity breaches.

Read More ...

Social engineering techniques, like phishing, can be powerful in persuading users into performing specific actions or disclosing confidential information. In these types of scenarios, attackers look for vulnerable sites on the web to upload fake pages pretending to be trustworthy organizations, such as banks, email and payment services, etc.

Read More ...

Latest malware entries

Hidden iframes

Latest hidden iframes our scanner have identified on compromised web sites.

# of sites infectedTypeMalware / Domains
55iframehttp://poseyhumane.org/stats.php
6iframehttp://zumobtr.ru/gate.php?f=1041671
6iframehttp://ads.rzb.ir/image.php?size_id=7
4iframehttp://www.cascadecowcutters.org/wp-content/upgrade/update.php
4iframehttp://couriertracking247.in/
2iframehttp://stjohnsdryden.org/img/common/download.php
2iframehttp://bucknine.cf/visionovni17.html
1iframehttp://www.trypie.info/update.php
1iframehttp://vefire.ru/apps/11/
1iframehttp://criosfera.cf/marahmerah17.html
Limited view... Only the top entries being displayed.

Conditional redirections

Conditional redirections we have detected (based on user agents or referers).

# of sites infectedTypeMalware / Domains
9redirectionshttp://goodhotwebmart.in/
6redirectionshttp://www.mpzbearing.in/
5redirectionshttp://portal-d.pw/XcTyTp
4redirectionshttp://default7.com
4redirectionshttp://alfsystem.com.my/includes/domit/1.php
2redirectionshttp://wwwjazztel.com/?folio=9PO6Z3MVF
2redirectionshttp://ww1.zibahairsalon.com/?folio=9POGF6H4I
2redirectionshttp://ww1.mtclassificados.net/?folio=9POGF6H4I
2redirectionshttp://top-24h-can-store.com/redirect.php?z=viagra
2redirectionshttp://summerphotography.net/?folio=9PO6Z3MVF
2redirectionshttp://slonova-gora.com/?folio=9POGF6H4I
2redirectionshttp://nubiangraphics.com/?folio=9PO6Z3MVF
2redirectionshttp://myflippincoach.biz/Deals/MyFlippinCoach/
2redirectionshttp://mathaids.com/?folio=9PO6Z3MVF
2redirectionshttp://luxurytds.com/go.php?sid=
2redirectionshttp://luckyherbssupply.in/
2redirectionshttp://laatminute.com/?folio=9PO6Z3MVF
2redirectionshttp://huaweidevices.es/?folio=9POGF6H4I
2redirectionshttp://hotmp3s.com/?folio=9PO6Z3MVF
2redirectionshttp://goldpole.com/?folio=9PO6Z3MVF
Limited view... Only the top entries being displayed.

Spammers

Latest spammers we have detected sending comment, forum or SEO spam.

# of sites infectedTypeMalware / Domains
20spammerhttp://123livesex.com/,forumspam,2014-01
20spammerhttp://20min.ch,forumspam,2014-01
20spammerhttp://90210daily.com/,forumspam,2014-01
20spammerhttp://EzAdBlaster.com,forumspam,2014-01
20spammerhttp://absolutefringe.com,forumspam,2014-01
20spammerhttp://adaptfunrun.org/,forumspam,2014-01
20spammerhttp://andresmarcossanchez.com/MichaelKors/ ,forumspam,2014-01
20spammerhttp://appliancelandinc.com/,forumspam,2014-01
20spammerhttp://audiobookkeeper.ru/,forumspam,2014-01
20spammerhttp://australiainternetsearch.com/,forumspam,2014-01
20spammerhttp://autism.sedl.org/index.php/about-us,forumspam,2014-01
20spammerhttp://axanaxplease.com/,forumspam,2014-01
20spammerhttp://ayurvedatradicional.com/wordpress/ ,forumspam,2014-01
20spammerhttp://azezhomeloans.com/body.html,forumspam,2014-01
20spammerhttp://baltimorecomiccon.com/sponsors/,forumspam,2014-01
20spammerhttp://bashkiaprrenjas.com/,forumspam,2014-01
20spammerhttp://bellezzaamica.it/Moncler-Sale-With-Free-Shipping.html,forumspam,2014-01
20spammerhttp://birdsofstkittsnevis.com/files/,forumspam,2014-01
20spammerhttp://bmaphoenix.org/young-professionals/,forumspam,2014-01
20spammerhttp://bradblaze.com.au/,forumspam,2014-01
Limited view... Only the top entries being displayed.

Encoded javascript

Encoded javascript (redirecting to blackhole and other exploit kits) or to build a remote call.

# of sites infectedTypeMalware / Domains
12javascripthttp://div-class-container.ru/m/": var a910ab1=[855,915,955,960,973,887,970,971,976,963,956,916...
22javascript<script>var b="red";c="mod";function setCookie(a,b,c){var d=new Date;d.setTime(d.getTime()+60*c...
20javascript<script>var b="red";c="mod";function setCookie(a,b,c){var d=new Date;d.setTime(d.getTime()+60*c...
17javascript<script src="http://pops.virgilio.us/pop.php?id=1"></script>
10javascript<script>var b="red";c="mod";function setCookie(a,b,c){var d=new Date;d.setTime(d.getTime()+60*c...
9javascript<script type="text/javascript">var pid='52877';var pixel='468x60';var c_pid='YWQ2LmV1';var pare...
9javascript<script type="text/javascript" src="http://psicholog-msk.ru/scripts/kd7tvnbv.php?id=3023929"></...
3javascript<script>izs=19099;tm="168242";</script><script language="JavaScript" type="text/JavaScript" cha...
2javascript<script type="text/javascript" src="http://ledomaine-miltat.fr/crbst_pa_0_p_22dshk39np8ay/wqqry...
1javascript<script type="text/javascript" src="http://ledomaine-miltat.fr/crbst_pa_0_p_22dshk39np8ay/wqqry...
Limited view... Only the top entries being displayed.