Compromised web sites

(get it in RSS or Atom)

SophosLabs wins coveted Swiss prize

by Chester Wisniewski on November 24, 2012 | 2 Comments
SophosLabs wins coveted Swiss prize

The Swiss are known for their prestigious and generous gifts to those who achieve what others can only imagine. SophosLabs managed to impress the committee and earn one of these coveted prizes recently.

Pseudorandom domain name generation and the Blackhole exploit kit

by Fraser Howard on July 5, 2012 | 3 Comments
Pseudo random domain name generation and Blackhole

Take a look into the latest widespread attack against legitimate websites, in which many sites are hacked in order to redirect users to exploit sites.

OpenX ads leading to malware c/o 'BlackAdvertsPro'

by Fraser Howard on March 28, 2012 | 6 Comments
OpenX ads leading to malware c/o 'BlackAdvertsPro'

Take a look at some recent attacks where OpenX ad servers are being hacked in order to hit redirect users users to exploit sites and infect them with malware.

Is this the resurgence of Blackhat SEO?

by Fraser Howard on February 9, 2012 | 5 Comments
Code snippet from the PHP SEO kit

Take a dive into some recent blackhat SEO attacks in this post to explore the facts behind the recent rise in reports of this threat. Site administrators in particular may be interested in some of the findings.

Hide and seek with website injections

by Fraser Howard on November 11, 2011 | Leave a comment
Troj/JSRedir-DY code snippet

Step into the shoes of a site administrators attempting to check if their sites have been hacked or not, by taking a look at a couple of recent attacks against websites.

Not such a nice hack, Nice Pack

by Fraser Howard on November 7, 2011 | 1 Comment
Mal/Iframe-W featured image

Take a closer look at one of the nasty JavaScript threats that we have seen injected into thousands of legitimate web sites recently, for the purpose of infecting users with malware.

Another widespread site defacement attack. Leading nowhere?

by Fraser Howard on October 24, 2011 | Leave a comment
Another widespread site defacement attack. Leading nowhere?

Have you ever wondered what is meant by the term 'Traffic Direction System' (TDS)?

Well, take a look at a widespread site injection attack that took place earlier today, and see exactly how a TDS server is used to control user traffic.

Analysis of compromised websites - hacked PHP scripts

by Fraser Howard on October 19, 2011 | 4 Comments
Analysis of compromised websites - hacked PHP scripts

Investigating a few compromised web sites reveals some interesting behaviour in the PHP hacks that are being used to compromised legitimate web servers in order to redirect unsuspecting users to exploit sites.

Widespread site compromise leading to Zeus

by Fraser Howard on July 15, 2011 | 5 Comments
Snippet of injection malicious JavaScript

Read more about a recent wave of attacks compromising legitimate web sites for the purpose of infecting users with Zeus malware.

Shooting the messenger. Who do you trust?

by Fraser Howard on December 22, 2010 | 8 Comments
1doll115x115

With an increasing number of legitimate web sites playing a role in malware distribution, never has it been so important for webmasters and site administrators to understand the threat and respond quickly when alerted to an issue. As Fraser discusses in this post, one of the problems they face is knowing when to trust the security vendor on the end of the phone.