RedKit Malware Still Alive RedKit Malware RedKit malware as detected by Online Malware Scanner Background Back in 2013, we posted about RedKit infecting significant number of websites. It appears that, three years later, the statistics of the websites submitted to online malware scanner show the revive of this malware among infected websites. Malicious action Malicious iframes are often used to distribute malware hosted on external web resources(websites).

Read more →

Traffic Distribution System (TDS) On Infected WebsitesThis malware technique is widely used to monitor and redirect traffic from compromised website to malicious content or paid referrals. In past, we highlighted similar cases in our blog: Blacklisted website used to drive traffic to ‘penny stock website’ Malicious TDS flow Malicious Traffic Distribution System diagram BackgroundThreatSign! client received complaint from his customer that his website got blocked when accessed from Google Chrome.

Read more →

FilesMan Backdoor Malware On Your Computer FilesMan is being abused in the wild What is FilesMan? It is a File Manager used to explore the files in a computer. It is the most basic malware tool that attackers upload to your website as a form of backdoor to browse your files. Some of these File Managers are sophisticated and has their own GUI (Graphical User Interface), some are capable of uploading and downloading files from your website as if the attackers were in front of your computer browsing it personally.

Read more →

What is Cross Site Scripting (XSS)? May 26th 2016 jetpack disclosed a XSS vulnerability discovered in their popular plugin. We would to take this opportunity and describe what is XSS. Cross Site Scripting or XSS attack refers to injection of the malicious code or malicious payload into pages of legitimate website. Further, when these compromised pages are visited by website users, the injected malicious code (or payload) is executed by client-side application (visitor's web browser) and performs the actual malicious action such as: redirecting visitor to another website, download and installation of malicious code, showing adult ads and etc.

Read more →

Steps To Discover Malicious Hosts Attempting To Access Your Website When dealing with previously cleaned website that got re-infected over and over again, it is essential to monitor/check who and when tried to connect to website. Usually, POST request is used to access the malware files to launch malicious script/command. Thus, once you have the file names you can review the log files (e.g. access.log for Apache) to detect the servers that were sending these malicious requests.

Read more →

Introduction This article highlights well-known website vulnerabilities, bad practices, flaws and security issues that allow hackers to compromise websites. Its purpose is strictly educative, and it should be used as a guide to enhance the web security applied to websites and web applications. Material presented below is gathered based on common mistakes made by Internet users having very limited computer science skills. The base level information shared here depicts an entire arsenal that leads to a successful cyber attack, resulting in legitimate websites getting blacklisted by search engines and security manufacturers.

Read more →

Quttera's support team is being constantly contacted by website anti-malware monitoring customers whose website(s) were blacklisted. This post lists several (not all) blacklisting authorities and how to submit your site for (re)testing by them. First, you should make sure your website no longer hosts malware, spam or any other potentially harmful content. You can do it by yourself or if you're ThreatSign customer you can simply let us do it for you.

Read more →

Obfuscated malicious JavaScript code generated hidden iframe to drive traffic to customer website Background Online Website Malware Scanner has identified malicious JavaScript code injection in the scanned website. Usually, such malicious obfuscated JavaScript code is used to build malicious iframe invisible to the website user and which downloads content from remote malware distributor. This website is located in Ukraine and it is used by Traffic Direction System (TDS) managed by malicious domain revmihyr[.

Read more →