Home Testimonials Company Support 1–888–873–0817
PRICING SUPPORT LOGIN
Home Notes Malware Signatures About

When talking about compromised environments, we often think that the website itself is the end goal but that’s not always true. In some cases, attackers shift their focus to the user instead, especially when the website has lots of traffic.

Read More ...

A mobile malware is a malicious software that targets mobile/smartphones, tablets and similar devices. The attacks may vary from fatal damage to the OS (bricking) to leakage of sensitive and personal information, such as credit card, saved passwords, pictures and much more.

Read More ...

Most malware and spam that we come across has some sort of discernable purpose to it, usually something which benefits the attackers financially. This is often related to spam campaigns, credit card theft, spreading trojans/spyware or phishing scams. However, every so often we find something that defies this trend and is just downright evil. We found a PHP script named config-r.php in the root directory of a website that contained the following code:

Read More ...

During an incident response investigation, we detected an interesting backdoor that was hidden in a fake image. The attacker was quite creative in creating an attack that would work in two steps.

Read More ...

Phishers usually want to protect their pages from being detected by search engines and security companies. To achieve that, they add .htaccess files that deny access to their phishing directories from known IP addresses and networks. Depending on the scenario, if they are targeting a specific type of service (online banking for instance) attackers may allow only a set of visitors from a specific country to see that phishing page.

Read More ...

In a compromised environment, attackers may inject malicious code into different files, including the core of different CMSs, in order to maintain access to the website and/or obtain sensitive data. Although these issues are very simple to be identified and remediated, not all users constantly monitor their websites for such file integrity breaches.

Read More ...

Social engineering techniques, like phishing, can be powerful in persuading users into performing specific actions or disclosing confidential information. In these types of scenarios, attackers look for vulnerable sites on the web to upload fake pages pretending to be trustworthy organizations, such as banks, email and payment services, etc.

Read More ...