Website Ransomware – CTB-Locker Goes Blockchain


During the last couple of years, website ransomware has become one of the most actively developing types of malware. After the infamous fake anti-viruses, this is the second most prominent wave of malware that makes money by directly selling “malware removal” services to users of infected computers. But unlike fake anti-viruses, which were mostly harmless and used as a social engineering technique to make people pay for the removal of non-existent threats, ransomware is a much more serious beast. It doesn’t pretend to be a good guy. It actually makes your computer unusable unless you pay the ransom.

So what happened? Why don’t we see large scale fake anti-virus campaigns any more while ransomware is all the rage? I guess the answer is the payment method.


Sucuri – 2016 Redesign

Update: It was an April fools joke, if you did not realize it by now. The site is back in place and the ascii/web3.0 design is still accessible here if you want to see how it looked. A few weeks ago, while enjoying lunch on a bright sunny day in

Beware of Unverified TLS Certificates in PHP & Python


Web developers today rely on various third-party APIs. For example, these APIs allow you to accept credit card payments, integrate a social network with your website, or clear your CDN’s cache. The HTTPS protocol is used to secure the connection with

Hacked Websites Redirect to Porn from PDF / DOC Links


We write a lot about various blackhat SEO hacks on this blog and most of you are already familiar with such things as doorways, cloaking and SEO poisoning. This time we’ll tell you about yet another interesting blackhat SEO attack that we’ve been wat

Ask Sucuri: How Does Sucuri Clean a Website?


Question: How does Sucuri clean hacked websites? What is the process? We clean a lot of websites, ~400 to 500 daily during our normal load. To understand how we do it, you have to understand where it all comes from. The biggest challenge with p

Server Security: Indicators of Compromised Behavior with OSSEC


We leverage OSSEC extensively here at Sucuri to help monitor and protect our servers. If you are not familiar with OSSEC, it is an open source Host-based Intrusion Detection System (HIDS); it has a powerful correlation and analysis engine that integrates log

When a WordPress Plugin Goes Bad


Update March 7: The WordPress Directory team investigated and mitigated this issue by disconnecting the wooranker account from all plugins, reverting malicious changes in the CCTM plugin, and changing the version to 0.9.8.9. WordPress

Behind the Malware – Botnet Analysis


While analyzing our website firewall logs we discovered an old vulnerability being retargeted in RevSlider, a popular WordPress plugin. In 2014 / 2015, this led to massive website compromises. Now it's being leveraged again in a new attempt to infect

Investigating a Compromised Server with Rootcheck


What do you do if you suspect your server (VPS or dedicated) has been compromised? If you are a customer, you have the option to leverage our team to perform the incident response on your behalf. What if you want to do an investigation on your

WordPress Sites Leveraged in Layer 7 DDoS Campaigns


We first disclosed that the WordPress pingback method was being misused to perform massive layer 7 Distributed Denial of Service (DDoS) attacks back in March 2014. The problem is that any WordPress website with the pingback feature enabled (its def