Ads have been spreading all over the internet, from social networking sites to almost everything else. Some ads are plain and straightforward, and some are horrific and disturbing, like the one we got just last week. When we checked the link, it showed the images below:

It then takes you to the Play Store to download an app. In case you are not aware, alongside the helpful and useful apps, the Google Play Store is infested with a lot of malicious apps.

Read more →

Background

One of the most recognizable errors encountered on the Internet is the “404 Not Found” page. The web server hosting the site usually generates this error when a visitor attempts to access a page that does not exist (a broken or dead link). Webmasters can configure the server to display a customized and more user-friendly 404 error page offering the sitemap, branding or other helpful information. This post shows how the hackers who broke into the web server through the compromised website exploited this mechanism to serve SPAM.

Read more →

Background

It is no surprise that a weak password leads to a compromised website. What is not immediately obvious is the scale of the damage that can happen when such a necessary security measure as a strong password is neglected. Every company and business must enforce a strict policy for the creation and proper maintenance of authentication details on every level and across all of its assets.

Read more →

Background

There is a widespread blast of SPAM emails that pretend to be a legitimate letter from Apple about your user account being used on a new device. Because people instinctively click on any link embedded in an email without analyzing the content, SPAM campaigns are usually very effective when disguised under a well-known brand.

SPAM investigation

Let's take a deep look and spot the flaws of the email: The image above shows the actual content of the email to the Customer.

Read more →

Background

As it turned out during the malware clean-up of customer websites, hackers were using exactly this type of exploit to attack the site. Furthermore, the site got reinfected with malware as soon as someone accessed it. We were alarmed because the reinfection was so sudden, so we dug deeper and found something else.

Website Malware Incident Investigation

Upon checking the access logs of the site, we found a very nifty but familiar entry in the records, as shown below:

This type of attack exploits the 'X-Forwarded-For' and 'User-Agent' HTTP headers, which are not sanitized properly, allowing the attacker to inject malicious code that results in remote code execution.

Read more →

Background

There is a Black SEO/Spam poisoning campaign running that mainly targets WordPress websites. While handling several incidents related to it, we discovered a new self-recovering WordPress-oriented malware among other malicious components. Let’s take a look at all of them.

Backdoors To Control The Attacked Website

We still don’t know if there is any relation between the infections, but all of the examined websites contained numerous generic PHP shells and backdoors whose names have the following format:

footer[\d]{0,2}.php
login[\d]{0,2}.php
stats[\d]{0,2}.php
user[\d]{0,2}.php
gallery[\d]{0,2}.php
sql[\d]{0,2}.php
file[\d]{0,2}.php
object[\d]{0,2}.php
license[\d]{0,2}.php
ferg[\d]{0,2}.php
dirs[\d]{0,2}.php
global[\d]{0,2}.php
include[\d]{0,2}.php

For readers who are unfamiliar with regular expression rules: [\d] means a numeric symbol 0-9 and {0,2} means at most two consecutive digits.

Read more →

During our incident response to the client's website, we found a vulnerability in the VTEM Skitter module of Prestashop CMS. Here is the code snippet of the uploadimage.php:

    $uploaddir = './img/';
    // The file name is taken from the client; only spaces are stripped from its base name.
    $uploadfile = normalize(preg_replace('/ /', '', basename($_FILES['userfile']['name'])));
    // The snippet moves the upload into place without any file type or extension check.
    if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploaddir.$uploadfile))
        echo 'success:'.$uploadfile;
    else
        echo 'error';

To test if your site is vulnerable, open your favourite browser and enter the following in the address bar: http:///modules/vtemskitter/uploadimage.php. An output of the string "error" means that the module is exploitable.

Read more →

Information is scattered all over the internet. Link after link is distributed over the web through Facebook, YouTube, blogs, emails, text messages and every other form of online communication. These include both good and bad links, and the bad ones can cause problems for the visitors who follow them. Unpatched sites are being exploited to carry infected redirections and payloads used for attacks. A couple of weeks ago, we received a report about an unauthorized connection that a site makes whenever a visitor opens it.

Read more →

There is no such thing as a perfect web application. Some software vulnerabilities have been there since the very first application was created. The majority of today's exploitation can lead to the automatic execution of arbitrary code without the users' permission. In this post, we show the Rig Exploit Kit's attack flow. Quttera's malware researchers uncovered and removed this malware from one of our ThreatSign customer websites. Rig Exploit Kit has been thunderous, and it is widely used by hackers to distribute malware over the internet.

Read more →

Ransomware has become very frequent this year, and our malware researchers encounter more and more cases of cryptographic file-locking attacks. Ease of deployment, a wide range of targets and a clear business model are probably the main reasons this kind of malware is so popular among cyber criminals. Any company or organization is a potential target, as was proven earlier this year when U.S. hospital computers and cancer treatment equipment were shut down due to ransomware.

Read more →


© 2017 Quttera Ltd. All rights reserved.