Deobfuscation made easy with MalwareDecoder.com Battling malware has been a very competitive and very fulfilling task nowadays. It brings joy and confidence to each Malware Analyst that can discover or unravel the code being used for an attack or infection. We at Quttera, were able to help other Malware Analysts with their tasks by providing tools for them to be used in their analysis. We have tested it with one of the suspicious files that we got on one of our clean ups.

Read more →

Malicious ads and website reputation Malvertising is one of the most profitable businesses in the cyber hacking industry. Exploiting website inventory is highly beneficial for cyber criminals as it is then sold to redirect traffic to gambling, adult, pharma and similar kinds of websites. Needless to say, that its damage to both publishing websites and advertising network reputation is huge. Ideally, Web Admins are the ones responsible for checking the Ads that their site is showing.

Read more →

Website Defacement is just a click of a button In the past few months, Quttera malware researchers encounter a significant rise in website defacements by hackers. Government websites, among the others, were under such cyber-attack and thus getting a lot of attention and concern from the public. Interesting fact that, in some cases, hacker groups used defacement as their "cyber branding". The number of such sites being defaced is then used as a global ranking of a responsible hacker group.

Read more →

Security tools serving good and bad This is a python script used by Cyber Security Analysts to check for vulnerabilities in website . Like any other network security tool, it is being utilized by many, meaning it was also being utilized by the bad guys a.k.a "hackers". While we were browsing the dark web, we stumbled upon a hacking forum where you need to take an exam before you could join their group.

Read more →

RedKit Malware Still Alive RedKit Malware RedKit malware as detected by Online Malware Scanner Background Back in 2013, we posted about RedKit infecting significant number of websites. It appears that, three years later, the statistics of the websites submitted to online malware scanner show the revive of this malware among infected websites. Malicious action Malicious iframes are often used to distribute malware hosted on external web resources(websites).

Read more →

Traffic Distribution System (TDS) On Infected WebsitesThis malware technique is widely used to monitor and redirect traffic from compromised website to malicious content or paid referrals. In past, we highlighted similar cases in our blog: Blacklisted website used to drive traffic to ‘penny stock website’ Malicious TDS flow Malicious Traffic Distribution System diagram BackgroundThreatSign! client received complaint from his customer that his website got blocked when accessed from Google Chrome.

Read more →

FilesMan Backdoor Malware On Your Computer FilesMan is being abused in the wild What is FilesMan? It is a File Manager used to explore the files in a computer. It is the most basic malware tool that attackers upload to your website as a form of backdoor to browse your files. Some of these File Managers are sophisticated and has their own GUI (Graphical User Interface), some are capable of uploading and downloading files from your website as if the attackers were in front of your computer browsing it personally.

Read more →

What is Cross Site Scripting (XSS)? May 26th 2016 jetpack disclosed a XSS vulnerability discovered in their popular plugin. We would to take this opportunity and describe what is XSS. Cross Site Scripting or XSS attack refers to injection of the malicious code or malicious payload into pages of legitimate website. Further, when these compromised pages are visited by website users, the injected malicious code (or payload) is executed by client-side application (visitor's web browser) and performs the actual malicious action such as: redirecting visitor to another website, download and installation of malicious code, showing adult ads and etc.

Read more →

Steps To Discover Malicious Hosts Attempting To Access Your Website When dealing with previously cleaned website that got re-infected over and over again, it is essential to monitor/check who and when tried to connect to website. Usually, POST request is used to access the malware files to launch malicious script/command. Thus, once you have the file names you can review the log files (e.g. access.log for Apache) to detect the servers that were sending these malicious requests.

Read more →

Introduction This article highlights well-known website vulnerabilities, bad practices, flaws and security issues that allow hackers to compromise websites. Its purpose is strictly educative, and it should be used as a guide to enhance the web security applied to websites and web applications. Material presented below is gathered based on common mistakes made by Internet users having very limited computer science skills. The base level information shared here depicts an entire arsenal that leads to a successful cyber attack, resulting in legitimate websites getting blacklisted by search engines and security manufacturers.

Read more →

Quttera's support team is being constantly contacted by website anti-malware monitoring customers whose website(s) were blacklisted. This post lists several (not all) blacklisting authorities and how to submit your site for (re)testing by them. First, you should make sure your website no longer hosts malware, spam or any other potentially harmful content. You can do it by yourself or if you're ThreatSign customer you can simply let us do it for you.

Read more →

Obfuscated malicious JavaScript code generated hidden iframe to drive traffic to customer website Background Online Website Malware Scanner has identified malicious JavaScript code injection in the scanned website. Usually, such malicious obfuscated JavaScript code is used to build malicious iframe invisible to the website user and which downloads content from remote malware distributor. This website is located in Ukraine and it is used by Traffic Direction System (TDS) managed by malicious domain revmihyr[.

Read more →

Quttera as the leading provider of anti-malware services and solutions, that protect business-critical information in the cloud, hybrid and on-prem, brings the advantages of innovative heuristic, behavioral and AI technologies built-in in our scanning engine.

Read more →