Home Testimonials Company Support 1–888–873–0817
PRICING SUPPORT LOGIN
Home Notes Malware Signatures About

During an incident response process, we identified some files located at a website’s root folder. Although they had different filenames (post.php, news.php, home.php, etc), they had the same malicious content:

Read More ...

Backdoors evolve. They tend to get more complex, harder to understand and harder to decode, but this is not always the case.

Read More ...

Attackers work hard to make their code very well hidden from the victim and antivirus products, however they might leave some fingerprints (usually not on purpose) that can make the infection easier to detect and remediate.

Read More ...

Attackers will do desperate and obvious things to boost the views of their 'customers'.

On a daily basis we find different malicious redirects (some are very well hidden, others not so much).

The case with this JavaScript redirect is not so different than the other malicious redirects out there, except for one thing - it is constructed from multiple redirects via multiple servers in order for the attacker to gather statistics and monetize the ‘clicks’ from the scripts.

Read More ...

Some sites may stay infected or not properly cleaned for years. Eventually, they come to us and we clean them. It doesn’t matter whether the malware is old or new. But old malware may tell stories for those who can read it.

For example, this February (2017), we cleaned one site with infected JavaScript files. There was nothing special; everything was cleaned automatically. However our analyst, Moe Obaid ,decided to take a look at the removed code:

Read More ...

Today while scanning a client’s website, I found a failed attempt by attackers to hide the location of a backdoor. It is very common for us to find backdoor uploaders on websites, as they are one of the principle ways attackers upload malicious content onto websites. However, there was something interesting about this particular case.

Read More ...

During a recent incident response investigation, we detected an infected website loading spam content from another location. The malware was responsible for fetching the spam and displaying it on the front page without the client's knowledge or consent.

Read More ...

Since PHP 5.3.0, PHP includes support for configuration INI files on a per-directory basis that has the same effect (depending on the case) that the .htaccess files have on Apache. With that in mind, attackers are exploiting this feature to manipulate the search engine results in order to benefit malicious websites and redirect users to arbitrary spam content.

Read More ...

Throughout the last few months, we published multiple articles about simple but powerful backdoors and how attackers get creative. Virtually in all cases, the code is designed to avoid detection and it’s not always highly encoded. Actually, we are seeing that most attackers are following the KISS ("Keep it simple, stupid”, “keep it short and simple”) principle and PHP is a vast programming language that can be used to implement malicious code in agreement with it.

Read More ...

Over the years, attackers have used different techniques for hiding malicious files on websites. They obfuscated code, changed legit functions to execute malware, modified whole core files to execute their malicious activity and much more.

Read More ...