Author: Weston Henry Page 2 of 5

malicious plugin

SiteLock Research Team Identifies Malicious Plugin

During a routine site cleaning, the SiteLock Research Team found suspicious code in a WordPress plugin file.

Visit our WordPress blog, the District, for full details on this malicious plugin.

Vulnerable WordPress Social Media Plug-in Discovered

SiteLock SECCON Team recently detected suspicious code in a WordPress Social Media Tab. plugin file. In this article we will discuss the malicious plugin and its payload, and detail what steps should be taken to remove and avoid using malicious plugins.

daily scans for malware

Popular 2016 WordPress Hacks

It’s time to get serious about threats to your WordPress website. The SiteLock research team has investigated the types of attacks WordPress users can expect in 2016. Let’s take a look…

SiteLock Website Security

It’s a Holiday Security Breach Blowout

This week we have a personal story for our readers. It’s a heartwarming tale of multiple mass data compromises, which affected yours truly. We’ll also discuss how major data breaches occur, and what you can do to protect yourself in the Age of the Large Data Breach.

Adsense High CPC Malicious WordPress Plugin in the Wild

The SiteLock SMART malware scanner detected three particular files as suspicious. Inspection of the files by the SiteLock Research Team ultimately determined that a malicious WordPress plugin was being actively hosted, used by unsuspecting site owners, and spread via YouTube.

We will detail the malware contained in the malicious plugin, reveal the relationships between the malicious plugin and other sites, and finally discuss mitigation for sites using the plugin and how to avoid such situations.

Don’t Be Held For Ransom By Ransomware

What is ransomware and how does it work?

Ransomware is malicious software that infects a computer and restricts the computer’s use until the victim pays a ransom to restore functionality. A ransomware compromise begins with a vulnerable computer or computer with vulnerable third-party software. A user on the vulnerable machine clicks a link in a malicious email, or visits a malicious website for example, which allows the ransomware to exploit a vulnerability and gain complete control of the machine.

Malicious WordPress plugin site

Malicious WordPress Plugin Adsense High CPC

While scanning website files, SiteLock SMART flagged three particular files as suspicious.  Inspection of the files by the SiteLock research team ultimately determined that a malicious WordPress plugin was being actively hosted, used by unsuspecting site owners, and spread via YouTube.

In the following article, we will:

  • detail the malware contained in the malicious plugin
  • reveal the relationships between the malicious plugin and other websites
  • discuss mitigation for sites using the plugin and how to avoid such situations
Security

What Is Security?

First, let’s tell you what security is not. Security is not safety.

Security is on everyone’s mind at this festive time of year. As more and more consumers move their shopping online, e-commerce security and the security of personal information naturally comes to the forefront. But what is security?

It’s a large and nebulous topic to which entire areas of study are dedicated, and the average website owner can’t be expected to be an expert, let alone a consumer. That’s why we’re taking this opportunity to answer this question and hopefully provide a foundation of understanding to help all site owners and consumers better assess their security needs.

malware email addresses

Looking at 1,000 Malware Email Addresses

Why Email Addresses?

When the SiteLock support teams clean malware from websites, it’s not unusual to find email addresses somewhere in the injected code.  So the research team decided to dig into some of those  malware email addresses to see what we could learn.

With the help of the SECCON (security concierge) and Expert Services teams, we gathered over 1,000 email addresses in short order. We hoped to see potential patterns such as highly used email providers and learn how the addresses were used, with the added benefit of providing a list of strings to detect malware.

Where Malware Email Addresses Can Be Found

The list of 1,012 email addresses consists mostly of phishing repositories, with some shell install and login notifications, ego addresses, and a few spoofed “From” addresses from phishing files. The full list of malware email addresses is found at WSTNPHX’s GitHub page.

SiteLock Research Team Uncovers WordPress Plugin Vulnerability

The SiteLock Research Team will have many firsts as it develops. This week we’ll discuss the first reported and patched vulnerability the team found, a minor cross-site scripting vulnerability in Testimonial Slider.

The team has been working on putting together a new vulnerability research process.  During the creation of this process, we tested a not-so-randomly chosen WordPress plugin, Testimonial Slider.   Developed by SliderVilla.com, it displays customer testimonials in a responsive slider and has over 10,000 installs.  We chose Testimonial Slider for no other reason than it was a slider plugin after the recent Revolution Slider exploit.

What Does Testimonial Slider Do?

Testimonial Slider, developed by SliderVilla.com, displays customer testimonials in a responsive slider and has over 10,000 installs. We analyzed version 1.2.1 using SiteLock TrueCode and manual analysis.

Page 2 of 5

Powered by WordPress & Theme by Anders Norén