Home Testimonials Company Support 1–888–873–0817
PRICING SUPPORT LOGIN
Home Notes Malware Signatures About

Years ago, colleagues from Yandex introduced the concept of Mayhem infections.

In that post, they provided very detailed information about the malware, its functionalities and capabilities.

Read More ...

Many websites get compromised and used for SEO in order to drive traffic to other websites that would usually be ranked very low or completely removed by Google due to their content. Recently I found some malware pulling spam content from chinajianzhan[.]cn.

Read More ...

Attackers often aim to conceal their presence using different methods, such as injecting redirect scripts, creating spam pages, or hiding a mailer in checkout pages to steal credit cards; but this is not always the case.

Read More ...

Recently, during an incident response process, we worked on an interesting Magento website. This site was reported to having a strange redirection when users visited the site. Without further ado, we started investigating the issue on this site.

Read More ...

During an incident response investigation, we detected an interesting backdoor that was small but had the potential to give the attacker full access to your website and all its content.

Let’s review the backdoor content which was placed into the wp-content/themes/newaffpower/functions.php file:

Read More ...

When talking about compromised environments, we often think that the website itself is the end goal but that’s not always true. In some cases, attackers shift their focus to the user instead, especially when the website has lots of traffic.

Read More ...

A mobile malware is a malicious software that targets mobile/smartphones, tablets and similar devices. The attacks may vary from fatal damage to the OS (bricking) to leakage of sensitive and personal information, such as credit card, saved passwords, pictures and much more.

Read More ...

Most malware and spam that we come across has some sort of discernable purpose to it, usually something which benefits the attackers financially. This is often related to spam campaigns, credit card theft, spreading trojans/spyware or phishing scams. However, every so often we find something that defies this trend and is just downright evil. We found a PHP script named config-r.php in the root directory of a website that contained the following code:

Read More ...

During an incident response investigation, we detected an interesting backdoor that was hidden in a fake image. The attacker was quite creative in creating an attack that would work in two steps.

Read More ...