Home Testimonials Company Support 1–888–873–0817
PRICING SUPPORT LOGIN
Home Notes Malware Signatures About

Attackers tend to get smarter in order to avoid detection, as well as gain access to your WordPress site. They use legit functions of the WordPress core to create users, post spammy content, and other kinds of malicious activities.

Read More ...

During an incident response process, we identified some files located at a website’s root folder. Although they had different filenames (post.php, news.php, home.php, etc), they had the same malicious content:

Read More ...

Backdoors evolve. They tend to get more complex, harder to understand and harder to decode, but this is not always the case.

Read More ...

Attackers work hard to make their code very well hidden from the victim and antivirus products, however they might leave some fingerprints (usually not on purpose) that can make the infection easier to detect and remediate.

Read More ...

Attackers will do desperate and obvious things to boost the views of their 'customers'.

On a daily basis we find different malicious redirects (some are very well hidden, others not so much).

The case with this JavaScript redirect is not so different than the other malicious redirects out there, except for one thing - it is constructed from multiple redirects via multiple servers in order for the attacker to gather statistics and monetize the ‘clicks’ from the scripts.

Read More ...

Latest malware entries

Hidden iframes

Latest hidden iframes our scanner have identified on compromised web sites.

# of sites infectedTypeMalware / Domains
55iframehttp://poseyhumane.org/stats.php
6iframehttp://zumobtr.ru/gate.php?f=1041671
6iframehttp://ads.rzb.ir/image.php?size_id=7
4iframehttp://www.cascadecowcutters.org/wp-content/upgrade/update.php
4iframehttp://couriertracking247.in/
2iframehttp://stjohnsdryden.org/img/common/download.php
2iframehttp://bucknine.cf/visionovni17.html
1iframehttp://www.trypie.info/update.php
1iframehttp://vefire.ru/apps/11/
1iframehttp://criosfera.cf/marahmerah17.html
Limited view... Only the top entries being displayed.

Conditional redirections

Conditional redirections we have detected (based on user agents or referers).

# of sites infectedTypeMalware / Domains
9redirectionshttp://goodhotwebmart.in/
6redirectionshttp://www.mpzbearing.in/
5redirectionshttp://portal-d.pw/XcTyTp
4redirectionshttp://default7.com
4redirectionshttp://alfsystem.com.my/includes/domit/1.php
2redirectionshttp://wwwjazztel.com/?folio=9PO6Z3MVF
2redirectionshttp://ww1.zibahairsalon.com/?folio=9POGF6H4I
2redirectionshttp://ww1.mtclassificados.net/?folio=9POGF6H4I
2redirectionshttp://top-24h-can-store.com/redirect.php?z=viagra
2redirectionshttp://summerphotography.net/?folio=9PO6Z3MVF
2redirectionshttp://slonova-gora.com/?folio=9POGF6H4I
2redirectionshttp://nubiangraphics.com/?folio=9PO6Z3MVF
2redirectionshttp://myflippincoach.biz/Deals/MyFlippinCoach/
2redirectionshttp://mathaids.com/?folio=9PO6Z3MVF
2redirectionshttp://luxurytds.com/go.php?sid=
2redirectionshttp://luckyherbssupply.in/
2redirectionshttp://laatminute.com/?folio=9PO6Z3MVF
2redirectionshttp://huaweidevices.es/?folio=9POGF6H4I
2redirectionshttp://hotmp3s.com/?folio=9PO6Z3MVF
2redirectionshttp://goldpole.com/?folio=9PO6Z3MVF
Limited view... Only the top entries being displayed.

Spammers

Latest spammers we have detected sending comment, forum or SEO spam.

# of sites infectedTypeMalware / Domains
20spammerhttp://123livesex.com/,forumspam,2014-01
20spammerhttp://20min.ch,forumspam,2014-01
20spammerhttp://90210daily.com/,forumspam,2014-01
20spammerhttp://EzAdBlaster.com,forumspam,2014-01
20spammerhttp://absolutefringe.com,forumspam,2014-01
20spammerhttp://adaptfunrun.org/,forumspam,2014-01
20spammerhttp://andresmarcossanchez.com/MichaelKors/ ,forumspam,2014-01
20spammerhttp://appliancelandinc.com/,forumspam,2014-01
20spammerhttp://audiobookkeeper.ru/,forumspam,2014-01
20spammerhttp://australiainternetsearch.com/,forumspam,2014-01
20spammerhttp://autism.sedl.org/index.php/about-us,forumspam,2014-01
20spammerhttp://axanaxplease.com/,forumspam,2014-01
20spammerhttp://ayurvedatradicional.com/wordpress/ ,forumspam,2014-01
20spammerhttp://azezhomeloans.com/body.html,forumspam,2014-01
20spammerhttp://baltimorecomiccon.com/sponsors/,forumspam,2014-01
20spammerhttp://bashkiaprrenjas.com/,forumspam,2014-01
20spammerhttp://bellezzaamica.it/Moncler-Sale-With-Free-Shipping.html,forumspam,2014-01
20spammerhttp://birdsofstkittsnevis.com/files/,forumspam,2014-01
20spammerhttp://bmaphoenix.org/young-professionals/,forumspam,2014-01
20spammerhttp://bradblaze.com.au/,forumspam,2014-01
Limited view... Only the top entries being displayed.

Encoded javascript

Encoded javascript (redirecting to blackhole and other exploit kits) or to build a remote call.

# of sites infectedTypeMalware / Domains
12javascripthttp://div-class-container.ru/m/": var a910ab1=[855,915,955,960,973,887,970,971,976,963,956,916...
22javascript<script>var b="red";c="mod";function setCookie(a,b,c){var d=new Date;d.setTime(d.getTime()+60*c...
20javascript<script>var b="red";c="mod";function setCookie(a,b,c){var d=new Date;d.setTime(d.getTime()+60*c...
17javascript<script src="http://pops.virgilio.us/pop.php?id=1"></script>
10javascript<script>var b="red";c="mod";function setCookie(a,b,c){var d=new Date;d.setTime(d.getTime()+60*c...
9javascript<script type="text/javascript">var pid='52877';var pixel='468x60';var c_pid='YWQ2LmV1';var pare...
9javascript<script type="text/javascript" src="http://psicholog-msk.ru/scripts/kd7tvnbv.php?id=3023929"></...
3javascript<script>izs=19099;tm="168242";</script><script language="JavaScript" type="text/JavaScript" cha...
2javascript<script type="text/javascript" src="http://ledomaine-miltat.fr/crbst_pa_0_p_22dshk39np8ay/wqqry...
1javascript<script type="text/javascript" src="http://ledomaine-miltat.fr/crbst_pa_0_p_22dshk39np8ay/wqqry...
Limited view... Only the top entries being displayed.