During an incident response engagement on a client’s website, one of our analysts found a very interesting web shell. Our tools detected a suspicious file called “./v8.php”, and after some time spent decoding it, we found that it was a backdoor giving the attackers full shell access.
The shell itself is very similar to the well-known c99 web shell in that it provides a variety of commands to manipulate the victim’s website (file structure) and Continue reading “And the next time, go upload a shell to your gramma’s website!”
Remember back in school or college when you had to write pages and pages of long essays, but had no time to write them? Or maybe you were just too lazy? Yeah, good times. Well, it seems like some companies are trying to end this problem. They are offering services where clients pay them to write these essays.
The problem is that Continue reading “Not Just Pills or Payday Loans, It’s Essay SEO SPAM!”
If you visited the web sites for Avira, AVG or WhatsApp this morning, you probably saw that they didn’t look like they should. All of them were defaced and looked like this:
It is a bit horrifying when you see such big Continue reading “Avira, AVG and WhatsApp Defaced”
When a site gets compromised, one thing we know for sure is that the attackers will leave some piece of malware behind to let them regain access to the site. We call this type of control capability a backdoor.
Backdoors are very hard to Continue reading “Creative Backdoors – Using Filename Typos”
This week while working on a compromised site, I found an interesting variation of the Blackhole injection. We work with many sites injected with Blackhole, like this one:
However, on this specific site, instead of Continue reading “Malware Infection – Blocked by Day Limit”
Lately, Brazil has been going through a series of political protests against the current administration and the heavy overspending related to the 2014 Soccer/FIFA World Cup. When the police started to crack down on the protesters in the streets, they went online. We won’t go into much more politics, but those online protests recently switched from Twitter/Facebook discussions to a mass defacement of multiple high-profile sites (and Twitter accounts).
It includes the Twitter of Continue reading “Brazilian Protests Leading To Mass Defacements”