Background

As it turned out during the malware clean-up of customer websites, hackers were using exactly this type of exploit to attack the site. Furthermore, the site got reinfected with malware as soon as someone accessed it. The reinfection was so sudden that we were alarmed, so we dug deeper and found something else.

Website Malware Incident Investigation

Upon checking the access logs of the site, we found a very nifty but familiar entry in the records, as shown below:

This type of attack exploits the 'X-Forwarded-For' and 'User-Agent' HTTP headers, which have not been sanitized properly, allowing the attacker to inject malicious code that achieves remote code execution.

Read more →

Background

There is a Black SEO/Spam poisoning campaign running that mainly targets WordPress websites. While handling several incidents related to it, we discovered a new self-recovering, WordPress-oriented malware among other malicious components. Let's take a look at all of them.

Backdoors To Control The Attacked Website

We still don't know whether there is any relation between the infections, but all of the examined websites contained numerous generic PHP shells and backdoors whose names have the following format:

footer[\d]{0,2}.php
login[\d]{0,2}.php
stats[\d]{0,2}.php
user[\d]{0,2}.php
gallery[\d]{0,2}.php
sql[\d]{0,2}.php
file[\d]{0,2}.php
object[\d]{0,2}.php
license[\d]{0,2}.php
ferg[\d]{0,2}.php
dirs[\d]{0,2}.php
global[\d]{0,2}.php
include[\d]{0,2}.php

For readers who are unfamiliar with regular expression rules: [\d] means a numeric symbol 0-9 and {0,2} means at most two consecutive digits.

Read more →

During our incident response on a client's website, we found a vulnerability in the VTEM Skitter module of Prestashop CMS. Here is the code snippet of uploadimage.php:

    $uploaddir = './img/';
    // Spaces are removed from the client-supplied file name, then it is passed to normalize()
    $uploadfile = normalize(preg_replace('/ /', '', basename($_FILES['userfile']['name'])));
    // No file-type or extension check appears in this snippet before the move
    if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploaddir.$uploadfile))
        echo 'success:'.$uploadfile;
    else
        echo 'error';

To test whether your site is vulnerable, open your favourite browser and enter the following in the address bar: http:///modules/vtemskitter/uploadimage.php. An output of the string "error" means that the module is exploitable.

Read more →

Information is scattered all over the internet. Link after link is distributed over the web through Facebook, YouTube, blogs, emails, text messages and every other form of online communication. These include both good and bad links, and the bad ones can cause problems for the visitors who follow them. Unpatched sites are being exploited with a lot of infected redirections and contain attack payloads. A couple of weeks ago, we received a report about an unauthorized connection that the site makes whenever a visitor checks it.

Read more →

There is no such thing as a perfect web application. Some software vulnerabilities have been there since the very first application was created. The majority of today's exploitation can lead to the automatic execution of arbitrary code without the users' permission. In this post, we show the Rig Exploit Kit's attack flow. Quttera's malware researchers uncovered and removed this malware for one of our ThreatSign customer websites. Rig Exploit Kit has been thunderous, and it is widely used by hackers to distribute malware over the internet.

Read more →

Ransomware has become very frequent this year, and our malware researchers encounter more and more cases of cryptographic file-locking attacks. Ease of deployment, the wide range of targets and a clear business model are probably the main reasons this kind of malware is so popular among cyber criminals. Any company or organization is a potential target, as was proven earlier this year when U.S. hospital computers and cancer treatment equipment were shut down due to ransomware.

Read more →

Infected Websites: How bad can it be?

Here are the top reasons for having a website:

Information Dissemination
Personal Biography
Marketing your business
Online shopping

Let's have a look at a sample scenario: Your new and shiny website is ready and goes online to serve your goals. You are enjoying every activity involved in building up your online presence, like sharing information, marketing your business, serving your online shoppers and much more.

Read more →

Deobfuscation made easy with MalwareDecoder.com

Battling malware has become a very competitive and very fulfilling task. It brings joy and confidence to each Malware Analyst who can discover or unravel the code being used for an attack or infection. We at Quttera were able to help other Malware Analysts with their tasks by providing tools for them to use in their analysis. We have tested it with one of the suspicious files that we got during one of our clean-ups.

Read more →

Malicious ads and website reputation

Malvertising is one of the most profitable businesses in the cyber hacking industry. Exploiting website inventory is highly beneficial for cyber criminals, as it is then sold to redirect traffic to gambling, adult, pharma and similar kinds of websites. Needless to say, its damage to the reputation of both publishing websites and advertising networks is huge. Ideally, Web Admins are the ones responsible for checking the Ads that their site is showing.

Read more →

Website Defacement is just a click of a button

In the past few months, Quttera malware researchers have encountered a significant rise in website defacements by hackers. Government websites, among others, were under such cyber-attack and thus got a lot of attention and concern from the public. Interestingly, in some cases, hacker groups used defacement as their "cyber branding". The number of sites defaced is then used as a global ranking of the responsible hacker group.

Read more →




© 2016 Quttera Ltd. All rights reserved.