Bots represent over 60 percent of all website traffic. This means that the majority of your website traffic could be coming from Internet bots, rather than humans. A bot is a software application that runs automated tasks over the Internet. Bots can be put into two categories, “good” and “bad.” Good bots visit websites to perform jobs, like search engine crawling, website health monitoring and website vulnerability scanning. Bad bots perform malicious tasks such as DDoS attacks, website scraping and comment spam.
Over the past couple of years, it has become apparent that, just as home and office computers need anti-virus software and a firewall to keep them protected, individual websites have become a prime target for hackers and require some form of protection too. As it becomes a more lucrative racket for hackers worldwide, it’s more important than ever to understand what malware, or malicious software, is, and how it has increasingly become a problem for websites of all sizes. Before we talk about how a website can be protected from malware, let’s first cover some common purposes of malware, how it generally works and what it means for a website after it’s infected.
According to a recent report from Google, nearly all website owners rely solely on Google’s Safe Browsing program to alert them when their site has been hacked. The report concludes that only 6% of webmasters discovered an infection via proactive monitoring for suspicious activity. That’s alarming.
Bad actors have attacked websites since the beginning of the internet. They have many reasons for taking over websites — money, infamy, politics, curiosity — though nothing grabs attention more than the visual defacement of a site. Website defacement occurs when a bad actor gains access to the site files, and replaces the index or home page with their own page. We’ve seen many of these over the last year, but what are the real consequences for the sites that are defaced? We’ll discuss the effects of a defacement on a website, and the reasons why they happen. We will also outline what you should know about defacements and how to secure your site against them.
What Is A Website Defacement?
Why Email Addresses?
When the SiteLock support teams clean malware from websites, it’s not unusual to find email addresses somewhere in the injected code. So the research team decided to dig into some of those malware email addresses to see what we could learn.
With the help of the SECCON (security concierge) and Expert Services teams, we gathered over 1,000 email addresses in short order. We hoped to see potential patterns such as highly used email providers and learn how the addresses were used, with the added benefit of providing a list of strings to detect malware.
Where Malware Email Addresses Can Be Found
The list of 1,012 email addresses consists mostly of phishing repositories, with some shell install and login notifications, ego addresses, and a few spoofed “From” addresses from phishing files. The full list of malware email addresses is found at WSTNPHX’s GitHub page.
The SiteLock support teams are always encountering new types of malware. This week we’ll discuss a recent infection of WordPress theme files, header files specifically, brought to our attention by SiteLock’s Security Concierge, or SECCON, Team.
Where Was This New Malware Discovered?
Hacks are bad. A website compromise is serious, and at SiteLock we see a lot of compromised sites and malicious code. Malicious code is constantly evolving to avoid detection. Adversaries use a large number of strategies to avoid detection, and comedy happens to be one of them.
Since hackers try everything they can think of – pop culture references, internet memes, irony – to disguise malicious code, we’ll dive into the strange and weird to show you how far adversaries will go…
In this week’s post, we take a look at “in-the-wild” phishing attacks and talk about how to counter them. Protecting yourself from phishing and malware attacks is not only important, it’s a fundamental Internet survival skill, made even more essential if you have a web presence you depend on. A compromised workstation could lead to compromised credentials, ultimately leading to complete control of your website by bad actors. We don’t want that.
We’re kicking off a new blog series here at SiteLock, to share some of the insight we gather every day removing malware from websites. This series will be geared toward folks interested in learning more about the web application security landscape. In this space, we’ll cover various topics each week – everything from CMS security to malware, to vulnerabilities and best security practices.
Insights On Malware Campaigns
One of the interesting things about tracking malware campaigns is their changing behavior as the campaigns shift to different targets, employ new tactics to evade detection, and propagate new malware, based on the changing economics of the campaigns.
Below is an example we have seen take shape and evolve over the past few weeks. It should show readers how these changes occur and what is going on behind the scenes of a large-scale malware attack campaign.