Reset Email Account Passwords after Website Infection: Follow Up

In a previous analysis of a malicious file, we demonstrated why you should always update your email account passwords after a security compromise.
The information security threat landscape is always changing. Likewise, the tools used by bad actors are…

The Strange Case of the Malicious Favicon

During the past year, our Remediation department has seen a large increase in the number of fully spammed sites.
The common factors are strangely named and unusually located favicon.ico files, along with the creation of “bak.bak” index fil…

Return to the City of Cron – Malware Infections on Joomla and WordPress

We recently had a client that had a persistent malware infection on their shared hosting environment that would re-infect the files quickly after we had cleaned them. The persistence was being created by a cron that was scheduled to download malware f…

Malware Campaigns Sharing Network Resources: r00ts.ninja

We recently noticed an interesting example of network infrastructure resources being used over a period of time by more than one large-scale malware campaign (e.g., redirected traffic, cryptomining). This was discovered when reviewing sources of the var…

Hacked Website Trend Report – 2018

We are proud to be releasing our latest Hacked Website Trend Report for 2018.
This report is based on data collected and analyzed by the GoDaddy Security / Sucuri team, which includes the Incident Response Team (IRT) and the Malware Research Team (MRT…

My Website Was Hacked on Christmas Eve

Christmas is a wonderful time to spend with family and friends. A lot of kids look forward to opening their presents under the Christmas tree, but not all of them have a present to open. This is why our family started a charity project in 2007 called …

Using Innocent Roles to Hide Admin Users

All across the internet, we find guides and tutorials on how to keep your WordPress site secure. Most of them approach the concept of user roles, but not many actually approach the capabilities of those roles.
The way the capabilities are handled on W…

Multiple Ways to Inject the Same Tech Support Scam Malware

Last month, we shared information about yet another series of ongoing massive infections using multiple different vectors to inject malicious scripts into WordPress websites.
Shortly after, the campaign changed the domain names used in its scripts. No…

Backdoor Uses Paste Site to Host Payload

Finding backdoors is one of the biggest challenges of a website security analyst, as backdoors are designed to be hidden in case the malware is found and removed.
Website Backdoors
A backdoor is a piece of malware that attackers leave b…