Home Testimonials Company Support 1–888–873–0817
PRICING SUPPORT LOGIN
Home Notes Malware Signatures About

Recently we wrote about wp-vcd malware that created rogue WordPress admin users (100010010) and injected spam links.

Our readers noticed that the “nulled” premium theme sites promoted by the injected links (and some other similar sites) had this very wp-vcd malware pre-installed with every downloaded theme.

It’s pretty easy to notice when you check the files inside the downloaded .zip files. All original files have one date, but two files have a different, more recent date:

Read More ...

Over the last months, we’ve been talking a lot about new ways to decode complex malwares that involve the usual PHP functions like eval, create_function, preg_replace, assert, base64_decode, etc.

Read More ...

We recently came across a file that shows an interesting case with a Javascript malicious code injection in a website’s custom script file, though it’s not specific to any particular website software:

Read More ...

This is a quick posts about yet another quite massive attack that installs CoinHive JavaScript Monero miners on compromised websites. You might have already read our blog posts on how such attacks were first detected and how they escalated after that.

On Oct 30th, 2017 Microsoft Malware Protection Services tweeted about a new cryptocurrency miner on compromised sites.

Read More ...

Recently we saw a new wave of a known malware that injects malicious WordPress admin users to vulnerable or compromised sites.

Read More ...

Recently, during a website investigation, we detected that attackers have been modifying the database structure of WP Maintenance plugin (which is a very popular wordpress plugin which adds a "down for maintenance" or coming soon page for your website) and inserting malicious code into wpmm_settings option to lead users to the harmful content.

Read More ...

Books SEO Spam

2017-10-16  by  Fernando Barbosa

We already discussed in our blog some cases where the attacker uploaded a full ready-to-use website in order to promote their products and services. This is a well-known SEO spam tactic, but this time we're going to cover what we found in a recent incident response process. A full library was injected into the victim's file structure, of course without the consent of the website owner.

Read More ...

While working on a compromised website, it's very common to encounter hacktools. Those are like the attackers' swiss knife, allowing them to perform several tasks such as: DoS attacks, execute server level exploits and even simple filemanagers.

Read More ...

In the last few months, we've covered several cases of SEO Spam in our labs and blog that were promoting products and services ranging from essay writing to sunglasses. From time to time, these Spam campaigns change and attackers focus on topics that may bring additional revenue. This time around, the topic was Soccer :)

Read More ...

Years ago, colleagues from Yandex introduced the concept of Mayhem infections.

In that post, they provided very detailed information about the malware, its functionalities and capabilities.

Read More ...