Category: SiteLock Research


JavaScript Malware Injected Into WordPress Themes

The SiteLock support teams are always encountering new types of malware. This week we’ll discuss a recent infection of WordPress theme files, header files specifically, brought to our attention by SiteLock’s Security Concierge, or SECCON, Team.

Where Was This New Malware Discovered?

SECCON notified the research team of what seemed to be a new JavaScript infection found in WordPress theme header.php files, like wp-content/themes/twentyfifteen/header.php. The infection consists of two lines of identical JavaScript injected into the header file, targeting the closing tag.

 


Changing Timestamps To Disguise Malware

This week we look at file timestamps, what they are, what they mean, and how bad actors can use them to their advantage when compromising sites. Timestamps can be a good clue as to what happened if a site was compromised. But are timestamps foolproof? Let’s find out what they are and see.


Pop Culture In Malware

Hacks are bad. A website compromise is serious, and at SiteLock we see a lot of compromised sites and malicious code. Malicious code is constantly evolving to avoid detection. Adversaries use a large number of strategies to avoid detection, and comedy happens to be one of them.

Since hackers try everything they can think of – pop culture references, internet memes, irony – to disguise malicious code, we’ll dive into the strange and weird to show you how far adversaries will go…


An Overview of SiteLock’s Security Research Efforts

As SiteLock continues to innovate and push the boundaries of web site protection, we’ve invested in and grown our security research team to provide new capabilities and content for customers and the security community at large.

This week, we will discuss what the SiteLock Research Team is and what its mission is, give an overview of the team’s emerging efforts, and explain where to find and how to interact with the team.


Phishing Attacks And How to Counter Them

In this week’s post, we take a look at “in-the-wild” phishing attacks and talk about how to counter them. Protecting yourself from phishing and malware attacks is not only important, it’s a fundamental Internet survival skill, made even more essential if you have a web presence you depend on. A compromised workstation could lead to compromised credentials, ultimately leading to complete control of your website by bad actors. We don’t want that.


The Changing Behavior Of Malware Payloads

We’re kicking off a new blog series here at SiteLock, to share some of the insight we gather every day removing malware from websites. This series will be geared toward folks interested in learning more about the web application security landscape. In this space, we’ll cover various topics each week – everything from CMS security to malware, to vulnerabilities and best security practices.

Insights On Malware Campaigns

One of the interesting things about tracking malware campaigns is their changing behavior as the campaigns shift to different targets, employ new tactics to evade detection, and propagate new malware, based on the changing economics of the campaigns.

Below is a case we have seen take shape and evolve over the past few weeks. It should show readers how these changes occur and what is going on behind the scenes of a large-scale malware attack campaign.


Malware Decoded: How SiteLock Cleans Infected Websites

Identifying and cleaning malware is part of our everyday life here at SiteLock, and we know for many website owners cybersecurity can be an intimidating topic. That’s why we thought we’d share a simple case of what a common infection looks like, and demonstrate how SiteLock finds, fixes, and prevents malware.

During a malware clean of a new customer’s site, we found some simple, well-known malware — a perfect example for an introductory post on malware. The site was compromised through an arbitrary file upload and malicious code was ultimately injected into the index of the site. Likely an automated process, the code was injected before the closing <body> tag.
