Avillez – Management, information security or anything else I find interesting.

And the next time, go upload a shell to your gramma’s website!

During an incident response process performed in our client’s website, one of our analysts found a very interesting web shell. Our tools detected a suspicious file called “./v8.php” and after some time decoding it, we found out that it was a backdoor giving full shell access to the attackers.

The shell itself is very similar to the well known c99 webshell in which provides a variety of commands to manipulate the victim’s website (file structure) and Continue reading “And the next time, go upload a shell to your gramma’s website!”

Not Just Pills or Payday Loans, It’s Essay SEO SPAM!

Remember back in school or college when you had to write pages and pages of long essays, but had no time to write them? Or maybe you were just too lazy? Yeah, good times. Well, it seems like some companies are trying to end this problem. They are offering services where clients pay them to write these essays for you.

The problem is that Continue reading “Not Just Pills or Payday Loans, It’s Essay SEO SPAM!”

Inheritance Fraud: Twelve Million Dollar Offer on Skype

Old but gold… the scammers attack again! I was just added by “dukemike438” on Skype and received this message from him: Continue reading “Inheritance Fraud: Twelve Million Dollar Offer on Skype”

Deciding and Communicating Under Pressure

These days, the Brazilian government is under heavy pressure due to many social and political protests against various causes, such as the quality of public transportation, the amount of money that will be spent with the World Cup, corruption and many other problems that affect people’s lives.

Unfortunately, in the midst of Continue reading “Deciding and Communicating Under Pressure”

Avira, AVG and WhatsApp Defaced

If you visited the web sites for Avira, AVG or WhatsApp this morning, you probably saw that they didn’t look like they should. All of them were defaced and looked like this:

02-avira-defaced

It is a bit horrifying when you see such big Continue reading “Avira, AVG and WhatsApp Defaced”

Scammers Targeting OLX Customers

Yesterday, a friend from Brazil sent me a message: “Hey man, I’ve just added my photo camera to sell on olx.com.br for a really high price and someone just contacted me wanting to buy it! The interesting thing is that the buyer it is not even from Brazil, internet is really amazing”

He was happy but Continue reading “Scammers Targeting OLX Customers”

Creative Backdoors – Using Filename Typos

When a site gets compromised, one thing we know for sure is that the attackers will leave some piece of malware in there to allow them access back to the site. We call this type of control capability a backdoor.

Backdoors are very hard to Continue reading “Creative Backdoors – Using Filename Typos”

Malware Infection – Blocked by Day Limit

This week while working on a compromised site, I found an interesting variation of the Blackhole injection. We work with many sites injected with Blackhole, like this one:

blackhole-injection

However, on this specific site, instead of Continue reading “Malware Infection – Blocked by Day Limit”

Brazilian Protests Leading To Mass Defacements

Lately, Brazil is going through a series of political protests against the current administration and the large amount of over expenses related to the 2014 Soccer/FIFA World cup. When the police started to close down the protesters in the streets, they went online. We won’t go into much more politics, but those online protests recently switched from Twitter/Facebook discussions into a mass defacement of multiple high profiles sites (and Twitter accounts).

It includes the Twitter of Continue reading “Brazilian Protests Leading To Mass Defacements”