  • They Got Hacked? Sites You Never Knew Got Hacked

    Let’s take a trip back to 1992, when the hacking thriller “Sneakers” dropped in theaters. If you’ll recall, a team led by Martin Brice obtained a box capable of breaking any encryption code. This meant that they could, if they so desired, hack into any government system in the world. Unfortunately (or fortunately, depending on [...]

  • The Biggest Data Breaches of All Time

    When you hear the term “data breach,” what comes to mind? Probably recent events like the credit card problems at Global Payments or PlayStation’s breach of end user accounts. And while these are certainly nothing to scoff at, they certainly weren’t as bad as they could have been. With that in mind, let’s take a [...]

  • Best Ways to Tell if Your Site is Not Secure

    If you own a web site, odds are malicious hackers will take notice. Whether their aim is to inject your site with malware to pass along to your visitors, flood your web pages with spam links, bring your site down via a denial of service attack, deface your web site or steal confidential information if it has a URL [...]

  • Website Malware You Should be Aware Of – The Top 10

    It used to be that malware was spread through sharing floppy disks. The threat eventually moved on to USB drive, email and file sharing downloads. Nowadays, the threats are so advanced that simply visiting a web site that contains malicious code can cause your computer to be infected. Below, you will see a few examples [...]

  • Update now – WordPress releases Security Update 3.3.2

    It’s time to update your WordPress installs. WordPress released an update to WordPress 3.3.2 addressing some serious bugs. This update was released by the WordPress core security team on Friday, 20th April. The WordPress 3.3.2 update includes security updates of three external libraries included in WordPress: Plupload (version 1.5.4), which WordPress uses for uploading media. SWFUpload, which WordPress [...]

  • Ten Scariest Hacking Statistics

    We hear about cyber crime and malicious hacking all the time in the news but have you ever stopped to wonder just who it affects? After all, unless we are aware (the key word being aware) that we were directly touched by cyber crime we may never know just how much of a problem it [...]

  • How StopTheHacker Works to Help Prevent Attacks on Websites

    Current research shows that over 85% of all malware comes from the web. This number is so high because it is estimated, by the same report, that more than 30,000 websites are infected with some sort of malware every day. And this number is not limited to malicious sites set up by cybercriminals, a majority of these sites are [...]

  • Website Security: What do I need to know? What do I need to do? – Part 2

    This is the second part of our blog article about the emerging security issues for and threats to websites as well as some of the options to address them. To read the first part of our article click: Website Security: What do I need to know? What do I need to do? – Part 1 In [...]

  • Startup Security Checklist: Things You Should Do Before Launching Your Site

    There was a time when attackers concentrated their efforts on large corporate web sites. Smaller businesses usually did not tend to the security of their web site as much because there wasn’t enough notoriety in bringing down a small mom and pop site. But now things have changed. Any site on the web has become a target for [...]

  • Website Security: What do I need to know? What do I need to do? – Part 1

    This article describes some of the emerging security issues for and threats to websites as well as some of the options to address them. The information is the first in a series of articles that will discuss how to make a website more secure. The target audience is owners and managers of websites. The contents reflect [...]

  • The 5 Most Infamous Hackers of All Time

    We all know that the term hacker is synonymous with computer enthusiast. However, there are hackers out there who use their skills in less than legitimate ways. This list shows five of the most well known black hat hackers of all time. Kevin Mitnick At age 12 Mitnick used his social engineering skills to ride Los [...]

  • How to set up Automatic Malware Cleanup for your site

    Visit “panel.stopthehacker.com” in your web browser. If you don’t have a StopTheHacker account you can sign up for one of our four editions easily. When logged in to the panel you will see your dashboard. Here you will see a number of notifications in the top area of the dashboard, as shown below. Click on “Setup [...]

  • How to Deal with the Latest WordPress Outbreak?

    Malicious hackers are finding new ways to compromise legitimate, benign websites with web malware. The goal of this post is to highlight a long running saga of a specific kind of malware injection, which we’re calling the “rr.nu/mm.php” variety. This specific variety of malware has very poor detection rates when Anti Virus programs are used [...]

  • What is Malware? And How is Web-Malware Different?

    The word malware has been used often in recent times. However, what does malware actually mean? There is a lot of confusion among Internet users and others about what malware really is and what a piece of computer software branded as malware really does. In this short article, we will explain what malware is and [...]

  • Host Europe Group Launches StopTheHacker’s SaaS Website Protection Suite in Europe

    SAN FRANCISCO, CA – February 22, 2012 – Host Europe Group – the largest privately owned hosting group in Europe – has today announced that it has partnered with website security services provider – StopTheHacker – to offer its SaaS website security services throughout Europe. Host Europe Group will roll out StopTheHacker’s comprehensive suite of [...]

  • Experts Explain: WordPress Security

    This is the sixth part in our series of posts here at StopTheHacker where we describe the various methods that malicious hackers use to infect benign and legitimate websites with web-malware. In this article we will talk about WordPress security. WordPress is arguably the most popular content management system (CMS) on the Internet today. Malicious [...]

  • Experts Explain: .htaccess Attacks

    This is the fifth part in our series of posts here at StopTheHacker where we describe the various methods that malicious hackers use to infect benign and legitimate websites with web-malware. In this article we will talk about a very popular attack method used to infect legitimate websites: .htaccess redirection. This technique is used by [...]

  • StopTheHacker Announces Funding Round

    SaaS Website Security Startup StopTheHacker Launches Commercial Services Based on Initial Funding Round Investment Fuels Ongoing Development and Sales Push for Emerging Internet Security Player SAN FRANCISCO, CA – February 13, 2012 – SaaS website security services provider StopTheHacker has received $1.1M in initial funding from public and private investors including Runa Capital, an early-stage [...]

  • Experts Explain: Hidden Backdoors

    This is the fourth part in a series of posts here at StopTheHacker where we describe the various methods that malicious hackers use to infect benign and legitimate websites with web-malware. In this article we will discuss one of the most common attack methods used to infect benign websites: Hidden backdoor shells. This particular compromise [...]

  • Experts Explain: FTP Account Compromise

    This is the third part in a series of posts here at StopTheHacker where we describe the various methods that malicious hackers use to infect benign and legitimate websites with web-malware. In this article, we will describe one of the most common reasons why benign websites are hacked and then are infected with malware: FTP [...]

  • Experts Explain: Cross Site Scripting

    This is the second part in a series of posts here at StopTheHacker where we describe the various methods that malicious hackers use to infect benign and legitimate websites with web-malware. This time, we will discuss one of the most prolific techniques used to compromise millions of websites: Cross Site Scripting. Cross Site Scripting attacks [...]

  • Experts Explain: SQL Injection

    Website security is an arms race. Malicious hackers modify their methods constantly to infect benign and legitimate websites with web-malware. One of the most common techniques used to compromise millions of websites is called SQL Injection. SQL injection attacks have been making headlines increasingly in the past few months. This highlights the sorry state of [...]

  • Chickenkiller Infections

    Malicious hackers are continuously evolving the strategies they use to infect thousands of innocent and benign websites with malicious computer code, i.e. web malware. Web malware is a relatively recent phenomenon and is quite different from the “standard” viruses and trojans that are known to infect PCs and servers. How do I identify the malicious [...]

  • RokBox.js Infections

    Today’s websites make use of many third party plugins to add new functionality with the least amount of effort. The inclusion of these third party plugins brings significant additional risk, namely the introduction of vulnerabilities to one’s website through vulnerabilities in the plugin itself. A prime example of this is the Timthumb malware outbreak that [...]

  • DragosImport, Domboware Attacks

    In recent weeks, two websites have been used increasingly to mount attacks on unsuspecting visitors of legitimate, benign sites compromised by malicious hackers. We will discuss the details of these distribution sites in our post. Is my site infected? First, to determine if your site has been compromised by the infections mentioned here, search [...]

  • Willysy Injection Attacks

    Code injection attacks are now affecting millions of websites on the Internet. It is no longer an option to leave your website unprotected. We will be discussing the major outbreak of the “willysy.com” injection attacks in this article that at one time affected more than 100,000 websites. What is the Willysy attack? This particular code [...]

  • Redirection Attacks

    Malicious hackers are continuously changing the tactics they use to compromise websites. Over 6,600 new websites are hacked and blacklisted every day and begin distributing malware to potential customers and visitors, destroying their owner’s online reputation. One of the primary mechanisms used to infect visitors to a website is insertion of malicious code into a [...]

  • Google Groups Hacked?

    As of November 21, 2011, a large number of posts on Google groups seem to have been replicated to some adult chat rooms on Google Groups. This seems to be an attempt to game the search engine algorithm that Google uses and gain high search rankings for adult, spammy and potentially malicious websites. We have [...]

  • Simple Machines Malware

    Simple Machines is a forum software used by thousands of website owners around the world to build online communities into their websites. Unfortunately, it is a perfect target for malicious hackers too. Finding a way to compromise the Simple Machines installation to inject malware into a legitimate website thereby infecting its visitors is an attractive [...]

  • nl.ai p,a,c,k,e,d Malware

    Malicious hackers are continuing to find new ways to infect benign websites. A recent spate of attacks on WordPress powered sites proves this more strongly than ever. One popular method for infecting WordPress powered websites is to infect a file called “wp-settings.php”. The malware is then spread from this file to all subsequent requests for [...]

  • osCommerce Attacks

    Malicious hackers are always looking to exploit software used by website owners to power their websites. One popular type of application that malicious hackers target is shopping carts, like osCommerce. This allows them to compromise a large number of websites using the software, infecting the visitors to these sites with malware. We have described how [...]

  • Conflg.php Hack

    One of the latest attacks we are tracking on the Internet has already infected about 250 websites at the time of our post. This number is growing rapidly. We will be posting more details regarding the Conflg.php Hack and the reason it is infecting benign websites in our forthcoming posts. What is the purpose [...]

  • Domain Chaining Attacks

    Malicious hackers are constantly changing tactics in order to evade detection. One of the relatively new mechanisms that has been used to infect thousands of websites on the Internet is known as Domain Chaining. Domain Chaining is the act of using multiple malware infected domains to form a network that distributes exploit code to benign, [...]

  • Blogutils.net Tumblr Hack

    A recent spate of hacking incidents has led to the compromise of the popular website blogutils.net. Blogutils.net provides website utilities like visit counters that can be embedded on websites built using popular software. Many websites, including some accounts created on tumblr.com have been recently blacklisted by Google. The primary reason for this is the compromise [...]

  • TimThumb Malware

    The ability to integrate useful third party plugins into a CMS like WordPress provides website owners the ability to add new functionality to existing websites. Unfortunately, this feature comes at a price. Third party plugins often have security vulnerabilities that allow malicious hackers to break into websites and use them to distribute malware. We take [...]

  • IFRAME-based Web-Malware

    The IFRAME element, part of the HTML specification, continues to be a favorite attack vector for malicious hackers. Loading a malicious payload by means of an IFRAME is extremely easy and effective. Attackers infect and compromise websites and use them to infect other websites by loading malware from external locations, like other hacked sites. Think [...]

  • It’s LizaMoon All Over Again

    The state of website security has been steadily improving over the last few months. Website owners and administrators are beginning to wake up to the fact that malicious hackers can use legitimate, benign, websites to spread malware on the Internet. However, there is a long way to go. Just recently we have seen a spike in [...]

  • Google Acknowledges Challenges in Detecting Web-Malware

    Google announced today that the fight to detect web-based malware is far from over. The problem is growing and changing every day. Websites must be protected to prevent the spread of web-based malware. From the Article Google issued a new study on Wednesday detailing how it is becoming more difficult to identify malicious websites and [...]

  • We’re at HostingCon!

    StopTheHacker is at HostingCon 2011 in beautiful, sunny yet cool, San Diego! Come visit us at booth #623. If you’re at HostingCon, whether you are a customer or you would like to learn about our services, affiliate program, or how to partner, come by and say hi! We’re also giving away free stuff including a [...]

  • Scheduled Maintenance

    Our service provider will be conducting scheduled database maintenance tomorrow, Wednesday, August 3rd, at approximately 6:00 AM PT. The upgrade will take approximately 30 minutes. This maintenance will improve performance of our websites. During this maintenance, some webpages at StopTheHacker.com may be unreachable or be served slower than usual. Logins to the customer panel and [...]

  • Free Facebook Safety App

    Building on our efforts to identify malware and spam on social networks like Facebook, we are very happy to announce the release of our Facebook safety app, MyPageKeeper, in collaboration with researchers from the University of California, Riverside (Press Release). For more information about MyPageKeeper, visit the Facebook app page. Why should you use MyPageKeeper? [...]

  • Koobface Malware Detection

    Malware authors are constantly coming up with new ways to compromise web sites. Now malicious hackers have started to focus on the weakest link in the security chain, web sites, breaking in and then using them to distribute dangerous viruses. This spreads malware on PCs which are then used to form bot networks of compromised [...]

  • BlackHole Toolkit: Malware Running Wild

    Malicious hackers are infecting websites in droves using new kinds of malware. Websites are the newest malware battleground. Benign websites are being compromised and infected by hackers in order to infect their visitors. In the vast majority of cases, the affected website owners are completely oblivious to the fact that a malicious hacker has used [...]

  • Apache Used to Inject Malware

    Malware authors are constantly coming up with new ways to compromise web sites. Now malicious hackers have started to focus on the weakest link in the security chain, web sites, breaking in and then using them to distribute dangerous viruses. This spreads malware on PCs which are then used to form bot networks of compromised [...]

  • Malware Faking Google (g-oogl-e.com)

    Malicious hackers are compromising websites in droves. Over 6,600 websites are hacked every day and begin distributing malware to potential customers and visitors, destroying their owner’s online reputation. In the vast majority of cases, affected website owners are completely oblivious to the fact that a malicious hacker has used their website to infect their visitors. In [...]

  • Web-Malware Spoofing Images (imgaaa.net)

    The incidence of web-malware is on the rise; thousands of websites are infected every day as webmasters and business owners grapple with this new hydra of the Internet. Traditional Anti-Virus software is completely helpless when it comes to detecting these new and evolving pieces of malware which are being used to infect websites by malicious [...]

  • prw1.co.cc Malware Alert

    Malicious hackers are infecting websites in droves using a relatively new kind of malware. Websites are the newest malware battleground. Benign websites are being compromised and infected by hackers in order to infect their visitors. In the vast majority of cases, the affected website owners are completely oblivious to the fact that a malicious hacker [...]

  • OpenX: Iframe Malware

    Online advertisements are a significant source of revenue for many web sites. Even small websites can make money by serving up targeted advertisements to their visitors. A popular piece of software which helps deliver these online advertisements is OpenX. This software displays advertisements and rotates ads on web site pages. In the last few months, [...]

  • osCommerce: Identifying Malware

    Websites are now the primary sales funnel for many businesses. Every day, billions of dollars of business is conducted by small to medium sized businesses via their web sites. Most e-commerce web sites use a piece of software called a shopping cart to allow users to pick and choose what they would like to buy [...]

  • LizaMoon Hack: Mass SQL Injection

    SQL injection is a technique used by malicious hackers and security researchers to inject code into a website. This mechanism exploits the improper use of input by web sites, such as the use of raw input from forms, and direct database queries using this information. SQL Injection continues to be a major security vulnerability. Malicious [...]

  • MySQL.com Hit by SQL Injection!

    MySQL.com, the website of the extremely popular database software used worldwide, was reported to be compromised today by the use of, ironically, an SQL injection attack. This compromise was released into the public domain via a post on Seclists.org: http://seclists.org/fulldisclosure/2011/Mar/309 The group responsible for this disclosure also disclosed passwords, password hashes and other sensitive information. [...]

  • 300,000 Instances of Data Leakage

    Websites are the new battleground between malicious hackers and the general public. Malicious individuals and organizations use websites as a conduit for spreading malware. More than 6,600 otherwise benign websites are compromised every single day. One of the primary enablers of this kind of compromise is the amount of publicly available data about a website, [...]

  • Identifying Plesk Users: A Spammer’s Delight?

    Parallels Plesk is an extremely popular platform for web hosts and service providers who design and service websites. This software is widely deployed all around the globe with thousands of installations. In this article we discuss how a spammer could direct an attack at Parallels Plesk users or trick them into giving up their credentials. [...]

  • Web-Malware with a Sense of Style

    Web based malware is quite interesting in the way it changes. This emerging threat can destroy the reputation of websites and online businesses, get them blacklisted by search engines and hurt their customers and visitors. Every single day, close to 6,600 new websites are added to popular malware blacklists. In this article, we will [...]

  • Web-Malware Faking Norton

    The growth of web-based malware continues unabated. Malware developers are targeting websites to distribute malicious viruses, Trojans and other harmful computer programs. This modern modus operandi banks on the fact that most websites have weak security and can be easily compromised. In fact even the top 15 financial institutions have vulnerabilities. In this article, we [...]

  • Malware Posing as jQuery

    Web-based malware is the new bane of the Internet. Malware developers have focused on using websites to distribute millions of copies of viruses, Trojans and other malicious computer programs. This modern modus operandi banks on the fact that a website’s security is weak and can be easily compromised. In this article we want to raise [...]

  • SEO Poisoning: Hijacking Miss Universe 2010

    Today, we’ll expand on our previous post which described SEO poisoning. Hackers are using this relatively new technique to lure users into visiting malicious websites with a vengeance. SEO poisoning is a method by which hackers can get a malicious link or URL, indexed by a search engine. When users search for terms that match [...]

  • Is Posterous’ Posting Policy Secure?

    Services like Posterous have changed the way Internet users post information about themselves, their likes, and their dislikes. Posterous follows a very simple model. A user simply needs to send an email to post@posterous.com and they can attach files, such as music that they like, and post it to their personal page. It’s very easy [...]

  • YouTube Hit with HTML Injection Attack

    YouTube is reported to have been hit by hackers. They have exploited a loophole in the way YouTube lets users post comments. More information can be found in the Google Support Forum and on Slashdot. Analysis It seems that when someone places a piece of JavaScript in the comment section, beginning with the <script> tag, [...]

  • Analyzing the Google Blacklist, Part 2

    Building on our first article in the series, we continue to analyze the Google Safe Browsing List. In this part, we present more detailed statistics about the hashes seen on the blacklist and try to provide insight into what we observe. Motivation Understanding the behavior of infected websites is very important. This provides security researchers [...]

  • Analyzing the Google Blacklist, Part 1

    Google’s efforts to clean up the Internet and provide a useful advisory to Internet users has been very successful. Nearly every modern browser now incorporates Google’s Safe Browsing List information, to prevent users from inadvertently visiting malware infested websites and phishing websites. Motivation In this article we will be analyzing the Google malware hash lists [...]

  • American Express Website Leaks Sensitive Documents

    This morning, a close friend of mine pointed me to some interesting documents on the American Express website. These documents seem to be leaking sensitive information including detailed activity for a corporate purchasing card. The documents clearly show the amounts, the specific merchants, dates, and places where the transaction was made and more. The documents [...]

  • Misconfigured Log Files: A Treasure Trove of Email Addresses

    Most websites and services today use some kind of framework, based on modern languages such as PHP, Ruby, Python and others. This has allowed many individuals to host arguably complex websites. This can be a good thing except when it comes to the fact that many website owners do not pay sufficient attention to the [...]

  • Why Did My PageRank Go Down? – SEO Poisoning

    Search engines like Google drive the majority of traffic to websites. Therefore, it is important for webmasters to appear high in search rankings and prominently in search results. To this effect, website owners often spend large sums of money on Search Engine Optimization (SEO) strategies: using the right keywords, getting linked to by popular sites, [...]

  • Hackers Understand the Value of Backups

    Hackers have been trying new tricks to obfuscate their malicious code and sneak it surreptitiously into benign websites. This trend is ever increasing as websites are now the weakest link in the entire malware chain. Hackers discover vulnerabilities in websites, exploit them to inject malicious bad code and voila – you have at your disposal [...]

  • Is User Trust More Effective Than Blacklisting?

    Blacklists are published by many security groups and organizations around the world to share knowledge about malicious websites, IP addresses and other security features which allow others to insulate themselves from the dark side of the Internet. In recent years, the number of blacklists being published by web-centric organizations has grown by leaps and bounds. [...]

  • Hackers Use Google Trends to Poison Searches

    Hackers are using a relatively new technique to lure users into visiting malicious websites. SEO poisoning is a method by which hackers can get a malicious link or URL, indexed by a search engine. When users search for terms that match the context of the malicious link, unsuspecting web surfers are often served malicious links [...]

  • Are Universities Hosting Spam Zombies?

    It has been said that universities all around the world are harboring zombie machines in droves. These are the same zombie machines responsible for sending out massive amounts of spam. In this article, we attempt to understand if the university zombie-spam problem really is as big a deal as it is made out to be. [...]

  • Popular Websites Host More Spam

    Popular Internet websites are a good place to advertise and therefore a target for spammers. Large throngs of visitors who view content on popular sites are the main draw. Spammers use vulnerabilities in message boards and forums to insert spam advertisements. This “malvertising” is bad for the reputation of the website in question and because [...]

  • Yes, Search Engines Can Infect Your Computer

    Search engines, like Google, Yahoo and Bing offer users the ability to scour the plethora of information on the Internet. These search engines index content on websites and often maintain cached copies of these sites so that, in the event that the site is unavailable, visitors can still view the contents of the website. Unfortunately, [...]

  • The “Underground” Credit Card Blackmarket

    Credit card data has been traded on the cyber black-market for a number of years. The relatively recent breaches of TJX Companies (owner of T.J. Maxx) and Heartland Payment Systems show the extent to which criminals will go in order to harvest credit card numbers, social security numbers, names, addresses and more. All this legitimate [...]

  • Virus Infects 13 Million PCs, Steals Credit Card Numbers

    “Spain Busts Hackers for Infecting 13 Million PCs” Reuters via Threat Level | Wired.com Users were targeted via a vulnerability in Internet Explorer when they visited websites infected with the malware. Spanish authorities shut down the Mariposa bot-net on December 23, 2009 although the details of what is being called the “largest cyber-raid to date” are [...]

  • Zero to 3000+ Infected Sites in Less Than 30 Minutes

    Code injection attacks show no signs of abating. Every day more than 6000 new websites are added to Google’s Safe Browsing List (blacklist). Hackers are compromising websites without the knowledge of the website owner to, in turn, infect website visitors. Malicious hackers don’t care if the website they infect is a small mom and pop operation [...]

  • Do Government Websites Care About HTTPS?

    Government websites play a critical role in the transfer of information to citizens, visitors, businessmen and others throughout their lives. Most importantly many people trust government websites implicitly. By virtue of this immense trust placed in websites which are relied on for information dissemination and collection by the government, one would expect that something as [...]

  • stopthehacker.com Attends Technology Forum

    The stopthehacker.com team traveled to Omaha, Nebraska, in early February to meet with other cyber security companies and corporate, academic and government leaders. Anirban Banerjee, stopthehacker.com co-founder, appeared in a video interview conducted by Jeff Slobotski of the Silicon Prairie News. Watch Anirban describe the goals of stopthehacker.com: Scott Tech Center & Innovation Accelerator Host [...]

  • The Curse of the URL Shorteners: How Safe Are They?

    URL shortening services have become all the rage on the Internet. These services take a long URL as input and produce a short, easy to use, URL as an output. Simple! By virtue of their ease of use, millions of Internet surfers use them to post messages on twitter. In fact, URL Shortening services like [...]

  • Analyzing Popular CMSs: Are vBulletin Users at Risk?

    This article is the last in our series of articles on CMS analysis, this time we will be focusing on vBulletin. We have previously profiled Joomla, WordPress, Drupal and phpBB. vBulletin is a little bit different than the list of CMSes we have been analyzing in this series. The first and most apparent being that it [...]

  • Analyzing Popular CMSs: Are phpBB Users at Risk?

    Continuing with our series of articles on CMS security, this time we will be focusing on phpBB. We have previously profiled Joomla, WordPress, and Drupal. I can already hear CMS purists howling that phpBB is not a CMS. In a way they’re right, but in other ways it is a CMS. phpBB is without a doubt [...]

  • Analyzing Popular CMSs: Are Drupal Users at Risk?

    Continuing with this series of articles on CMS security, in which we have previously profiled Joomla and WordPress, this time we will be focusing on Drupal. Another in the line of popular CMSs available today, Drupal is used by tens of thousands of websites. Similar to WordPress, it has various plugins to customize the base installation and also [...]

  • Analyzing Popular CMSs: Are WordPress Users at Risk?

    Following up on our last article, this time we will be discussing issues relevant to, likely, the most popular CMS software package available today: WordPress. WordPress is used by a plethora of individuals and organizations, from bloggers to content publishers, news media outlets and many more. The great thing about this particular CMS is the [...]

  • Analyzing Popular CMSs: Are Joomla Users at Risk?

    In this series of articles, we will be discussing issues relevant to popular Content Management Systems (CMS). These software packages make it relatively simple for web-administrators and lay people to host a website or an Internet forum and manage the content on it. Using a CMS, one can easily keep track of various versions of [...]

  • “Online Pharmacy” Spam Stalks Internet Forums/Boards

    Malicious hackers have, for many years, been offering services to unscrupulous individuals and companies for monetary compensation. With the growth of Email Spam advertising everything from medical supplements to cars and lottery tickets, email scrubbers and filters have taken the game up a notch by implementing ever increasing layers of complexity to cut down on [...]

  • How Safe are Internet Website Directories?

    Recently, we told you that Dmoz.org, one of the largest user-edited directories on the Internet, is also one of the safest directories. Directories such as Dmoz.org contain links to hundreds of thousands to millions of sites. These directories are categorized by volunteers or through automated means. Many search engines, including Google, Hotbot and others, potentially use [...]

  • An Interesting Sample of Malware

    This afternoon, a post on Badwarebusters.org reminded me of a somewhat interesting piece of malicious code I have not seen for some time. Our scanners flagged it as malware. The original post is found here, answered by redleg on Badwarebusters.org. This malware, found embedded in “eslpod.com/website/index.php”, is displayed below. The code has been slightly [...]

  • Where Can You Find (2.8 million) Safe Websites?

    Hackers are hitting websites hard and fast. Every day, upwards of 6,000 new websites are compromised by malware due to code injection, FTP credential compromise, weak server security, web-application flaws and the full gamut of other security issues. In this vein, any system used to determine whether a website is clean or infected needs to be [...]

  • Do News Aggregation Websites Point to Blacklisted Sites?

    News aggregation sites, like Digg.com, Reddit.com, Ycombinator and Yahoo Buzz, play an important part in the lives of many web-surfers. It is reported that sites like Digg.com have garnered more visitors than heavyweights like Facebook [1]. I was recently asked: “What is the probability of a site listed on popular news aggregation sites to be [...]

  • Large Webhosts: How Serious About Security Are They?

    Some of the largest web hosting companies in the United States and abroad host more than 500,000 websites individually. These web-hosting companies focus on providing a cost-effective solution for clients to develop and maintain their Internet-facing websites. To protect these websites, these web-hosting companies often use Web-Application-Filters (WAFs) and more traditional firewall-type devices along with [...]

  • Website-Reputation Services Agree to Disagree

    We have recently published statistics comparing various website reputation services and have received good feedback over private channels regarding our article. In this sequel we add Microsoft’s Bing malware filter to the comparison with the other website reputation services. At StopTheHacker.com (Jaal LLC) we have conducted tests of 721 URLs, all of which have been reported [...]

  • Do Zombie IPs Host Blacklisted Websites?

    Zombie IPs can be defined as Internet addresses which participate in botnet communications. When Internet surfers visit websites contaminated with malware, the malicious code is often successful in infecting the computer of the unsuspecting visitor. Once the malware has installed itself on the personal computer of the Internet surfer, it proceeds to receive [...]

  • Profiling Autonomous Systems Hosting Blacklisted Websites

    An Autonomous System, or AS, is a routing construct that represents a group of networks under the control of an organization (credit for edit: Max@badwarebusters.org). These form the “structure” of the Internet. These organizations can be thought of as web-hosting companies, large Internet-based companies or resellers of bandwidth and IP addresses. These are usually large [...]

  • How Good Are Website-Reputation Services?

    Websites on the Internet have now become the standard modus operandi for spreading malicious software to infect personal and corporate environments. A large number of benign and well-meaning websites are compromised every day by hackers inserting malicious code to, in turn, infect the computers used by visitors to the hacked site. One of the ways to [...]

  • Catch Me if You Can: Antivirus Poor at Detecting Web-Malware

    There is every indication from sources internal to StopTheHacker.com and external sources comprised of web hosting companies, administrators, security companies and government organizations that the threat from web-based malware is looming large and is only going to intensify in the coming years. Website owners and administrators, and even website hosting companies, are the directly affected [...]

  • When Benign scripts attack – V

    Building on this series of posts, which tries to capture the evolution of how hackers are injecting benign scripts with malware in the hopes of hiding their malicious content amongst good code, the malicious code displayed this time leads to the famous “Gumblar” infection strain and can cause a lot of headaches. This particular [...]

  • When Benign scripts attack – IV

    We have received significant requests to keep up with this series of posts which try to capture the evolution of how hackers are injecting benign scripts with malware in the hopes of hiding their malicious content amongst good code. This particular example shows how a menumachine script was used by a hacker to spread malicious [...]

  • Is Yahoo Really Hosting Malware?

    Yahoo’s cached pages can be distributing malware. Yahoo has, for several years, allowed users to use the “cached pages” option displayed along with its search results on Yahoo Search. Yahoo has partnered with McAfee’s SearchScan to provide safer searches since about May 2008. This is all good. The intention of providing safer searches to visitors is [...]

  • Top Banks Suffering from Multiple Vulnerabilities

    Solid financial institutions are the cornerstone of any successful economy. These institutions need to maintain the highest levels of security to protect sensitive customer data from becoming prey to malicious interests. Given the fact that these giants of industry have emergency response and security teams and that they spend hundreds of thousands of dollars a [...]

  • What’s up with Sitemeter?

    It has been a busy day. Lots of interesting things have happened over the course of the last few hours. One interesting issue which we faced today came up when trying to help out on badwarebusters.org. It seems that one of our scans popped up a script hosted by Site Meter as potentially malicious. This [...]

  • Free Google Blacklist Monitoring from stopthehacker.com!

    Try our Blacklist Monitoring service for free. Blacklisting can happen to anyone. Now, with Blacklist Monitoring, know before it’s too late to keep your customers. Getting quick notice can let you fix the problem faster. Together, we can help make the web a safer, better place to surf. What’s in it for you? We tell [...]

  • New SSL Issues = New SSL Attacks

    You might remember the article I wrote a couple of weeks back regarding the then recently found vulnerabilities of SSL 3.0 (TLS 1.0). Well, things just got real. New Security Issues come to light with SSL 3.0 At the time, some researchers even went so far as to say that the vulnerability was only theoretical! [...]

  • New kid on the block: Google Chrome OS

    This weekend the only hot discussion topic, apart from what awesome Black Friday deals people can lay their hands on, is the announcement concerning the fabled Google Chrome OS. Early press articles have provided a good overview of what the Google OS might look like. The following articles are informative and entertaining: www.pcmag.com, blogs.computerworld.com. One of [...]

  • How to write shell code – I

    Writing shell code is perceived as a black art by many. The good news is that it is far from that. Anyone with a basic knowledge of programming and a desire to catch up on some basic assembly programming and CPU architecture can churn out shell code in less than an hour. Lots of people [...]

  • When Benign scripts attack – III

    In this post we continue to analyze how popular scripts are being targeted by hackers to cause infections on websites and on the computers which load them in browsers to view them. The motivation behind using these originally benign scripts to do the dirty work on their behalf is that a lot of webmasters and [...]

  • When Benign scripts attack – II

    A few weeks back I wrote about how hackers are targeting benign scripts to do the dirty work on their behalf. The trend is now intensifying. In the last post about this issue, we saw how common scripts like jQuery and AC_RunActiveContent, mootools and others were being targeted. This time we will look at injection [...]

  • XST: One of the Most Prevalent Security Holes

    Cross Site Tracing (XST) is one of the most prevalent threats on the Internet today. The surprising fact is that even though developers are somewhat familiar with other attack vectors, XSS (Cross site scripting), SQLi (SQL injection) and others, relatively few seem to know what XST is. XST uses the HTTP TRACE functionality which is [...]

  • Shockwave Vulnerability Directs Users to Malicious Websites

    Researchers at VUPEN have discovered four major vulnerabilities and one minor in the Adobe Shockwave Player. The vulnerabilities are present in version 11.5.1.601 and those predating it. Adobe Shockwave is installed on over 450 million client systems world-wide. The most problematic of the vulnerabilities can be exploited to execute arbitrary commands when a visitor views [...]

  • New Security Issues come to light with SSL 3.0

    New SSL Security Issues: A vulnerability allowing hijacking of an already connected SSL 3.0 (TLS 1.0) session has been disclosed. SSL technology provides an end-to-end secure communications tunnel used most commonly by the HTTPS protocol. This most recent vulnerability allows an attacker to insert text of their choice into the data stream, even after the secure [...]

  • HTTP and HTTPS

    A lot of times, people confuse HTTP and HTTPS. This is primarily because of the lack of understanding of a simple encryption based security mechanism that nearly all browsers can work with. HTTP is the protocol according to which your web browser transfers data to and from any web server, a computer that throws web [...]

  • When Benign scripts attack!

    Code injection attacks are constantly morphing. The bad guys are constantly looking to deposit malicious code into websites in order to infect visitors to these sites. Once the visitors are infected, their machines can become part of extremely large bot armies and can be used to propagate the cycle of code injection attacks further. This [...]

  • Windows (Win32) Shell coding pointers – I

    Although a bit dated, these pointers for shell coding provide a decent starting point for enthusiasts to go and poke around with binaries :-). Most of the information is collected from various texts on nologin.org (read win32-shellcode.pdf and many more) during the last few years and experiences with binaries. These pointers are definitely good for [...]

  • What’s up with Twitter?

    Twitter is over capacity. In this vein, here’s a post from gist.github.com which displays the source code for the StalkDaily Twitter XSS worm. It’s a good example of how to use CSRF/XSRF with XSS.

  • Beef with IE – II

    Building on my post, Beef with IE, here’s another little look into what can crash the world’s most popular browser. Running this script may crash your browser, so save your work. Again, I’m not sure whether to classify this as malware or something else. Tested with IE7 Vista, IE6 XP2, IE6 XP3 (courtesy milw0rm).

  • Twitter spamming: Some pointers

    Twitter has now become the undeniable darling of marketing enthusiasts, as this medium of communication has attracted millions of dedicated users. This has also led to a lot of the bad guys looking at this medium to spread bile. I am going to provide some links based on which some “twitspam” tool-kits are developed. I [...]

  • Difference between Heap Spray and NOP Sled

    A lot of people I meet often think that NOP Sled and Heap Spraying are actually the same thing. Not true at all. I wanted to write a description myself, but there were already good pointers on Wikipedia. Heap Spray “In computer security, heap spraying is a technique used in exploits to facilitate arbitrary code [...]

  • Beef with IE

    I’ve never been a fan of IE, and one particular incident sways the decision I made long ago to switch to other browsers pretty decisively for me. I spend time tinkering with both JavaScript and browsers, and some time back I came across a script to iterate through DOM objects on a page. This script [...]

  • Opera Unite: Boon or Bane

    Here’s an interesting piece of news: Opera 10, the shiny new version of one of the finest browsers available today, has been released. It’s slick and has tons of eye candy. One really interesting part about the new version is that it lets you start what’s known as Opera Unite: this is basically a [...]

  • Common Iframe injection target sites: Russia

    For the last few weeks we have been receiving communication from affected parties who have been hit with a spate of iframe injection attacks. If you see any of these sites embedded as an iframe or as an HTTP link on your site, it would be good to consider removing them. DO NOT VISIT THESE [...]

  • Common Iframe injection target sites: China

    For the last few weeks we have been receiving communication from affected parties who have been hit with a spate of iframe injection attacks. If you see any of these sites embedded as an iframe or as an HTTP link on your site, it would be good to consider removing them. DO NOT VISIT THESE [...]

  • A trojan which steals your money “intelligently”

    A relatively sophisticated trojan is making the rounds stealing money from bank accounts in an intelligent manner. Unlike a ton of “hammer and tongs” malware, this one actually tries to decide how much money it should steal from your bank account without raising alerts. This is especially interesting as more and more [...]

  • 43 cents for a compromised Mac!!

    Even though users of Apple products are somewhat safer than Windows users, this news article is just another example of the fact that “ignorance is no panacea”. The bad news is that the bad guys are looking at infected Macs as a potential money-maker. Sophos researcher Dmitry Samosseiko at the Virus Bulletin conference in Geneva [...]

  • Significant numbers of machines in enterprise networks are bot-infected

    A detailed three-month study conducted by the guys at Damballa reports that enterprise networks are deeply infiltrated by botnets. Bot infections are on the rise, and most come from botnets which do not get much publicity in the popular press. “In a three-month study of more than 600 different bot-nets found [...]

  • Russian Security Group exposes source-code for 3000+ sites

    A Russian security group has exposed the widespread existence of misconfigured web servers once again. The “exploit” itself is not new; it basically hooks on to the fact that there are usually some change files in the .svn/.cvs directories on a site and then tries to grab these metadata files and extract source code [...]

  • Microsoft takes on the cudgels to fight Fake Anti Virus malware distributors

    Microsoft has taken a hard line on malicious online advertisers — also known as “malvertisers” — by filing five lawsuits against the suspected fraudsters in what the software giant claims are the first-ever legal moves against malvertising. The software giant’s suits came on the heels of a rogue anti-virus attack on the high-profile New York [...]

  • Hack a Facebook account: only $100!

    PandaLabs announced the discovery of an online service that promises to hack into any Facebook account for $100. The service’s creators claim, “Any Facebook account can be hacked,” promising to provide clients with the login and password credentials to access any account on the popular social networking site. “The service’s real purpose may be hacking [...]

  • ISPs sued for hosting fake sites

    This is something that’s waiting to happen to a ton of other ISPs. In this case a large, well known fashion company went to court because a couple of ISPs were hosting sites selling fake products branded with their logo and name. Read more: darkreading.com I am pretty sure that the day is not far [...]

  • A linux webserver botnet exposed

    A lot of people who use Linux-based systems often say that “Linux is just so free of problems”; well, here’s a piece of news that should grab their attention. I do agree that *nix-based systems are somewhat more secure than Windows-based systems, but that’s no reason to be stupid :-) . [...]

  • Google groups used as malware command channel

    Gavin Gorman from Symantec made a post about how Google groups was being used as a back channel to control a bot-net. “The Web-based newsgroup can store both static ‘pages’ and postings. When successfully logged in, the Trojan requests a page from a private newsgroup, escape2sun. The page contains commands for the Trojan to carry [...]

  • 130m Card Numbers Stolen in SQL Injection Attacks

    “US prosecutors have charged a man with stealing data relating to 130 million credit and debit cards.” Via BBC News | Business. Companies targeted in the online attacks: Heartland Payment Systems, 7-Eleven (convenience stores), Hannaford Brothers (supermarket chain) and others…

  • How to track down “anonymous-users”

    Staying anonymous on the Internet has been a much sought-after ability for many different reasons. One group of malicious individuals, focusing on code-injection attacks on websites, often attempts to mask themselves by using anonymizing proxies. These proxy servers should in theory cloak the identity of the individual using them. This is not widespread [...]

  • The Saga of Web Defacement Continues

    “YAMWD: Yet Another Mass Web Defacement” (The SANS Institute ISC). Major web hosts down this week: servage.net – thousands of sites defaced; 3dgwebhosting.com – down since 8/14/2009.

  • More Press Coverage

    StopTheHacker.com is attracting the attention of research institutions. “UCR Student Launches Web Site Protection Service with Help from Professor” (UC Riverside: Newsroom). Thank you, Todd Ransom.

  • Security Giants Renewed Subscriptions without Permission

    According to PC Pro, the security giants McAfee and Symantec have paid $375,000 USD in fines levied when they allegedly automatically renewed subscriptions without their customers’ consent. “Security firms ‘renewed subs without permission’” (PC Pro: Security News). Apparently, McAfee and Symantec had both hidden renewal clauses in their customers’ contracts. However, the details of the [...]

  • SQL Injection wipes out 100,000 sites

    “Webhost hack wipes out data for 100,000 sites” (The Register). Likely the result of an SQL injection attack, data for more than 100,000 sites hosted on the HyperVM virtualization platform was deleted. Over 24 hours later, administrators at Vaserv.com were still working to recover from the issue.

  • Free Web Security Whitepaper

    Things you should know about Web 2.0 security. Why antivirus software and firewalls are not enough. The Code Injection attack and how it can kill an e-business. Web Security Whitepaper – PDF

  • Press Coverage

    StopTheHacker.com has been featured in the news. “Riverside startup focuses on protecting Web sites” (The Business Press). Thank you, Juliane Ngan.

  • Large-Scale Script Vulnerabilities Uncovered

    Jaal helps websites detect and recover from code injection attacks in a large outbreak that affected more than 70,000 websites. Vulnerabilities Uncovered – PDF