Tag: malware Page 1 of 2

Counting Down the Top 10 Most Popular SiteLock Blogs in 2018

Is one of your New Year’s resolutions to learn more about securing your website? Maybe you want to dive into the world of malware and learn more about what it is and how it can be prevented. Or perhaps you want to understand what to do if a web host suspends your website due to a cyberattack. Whatever the reason, make 2019 the year you resolve to put cybersecurity first.

There is a lot of information on the web on this subject and with 155 SiteLock blogs published in 2018 alone–that’s a lot content to search through! We’ve made it easy for you learn more about cybersecurity and how to secure your website in 2019 by gathering our most popular blogs in one place. Join us as we countdown the top 10 most popular SiteLock blogs in 2018!

Read More

check website for malware

The Evolution of Malware Identification

Code is what allows website owners to customize their websites and make it unique. However, sometimes malware can sneak into that code, resulting in a potentially harmful impact to unsuspecting users. Using today’s techniques, how would you distinguish which code is good and which code is bad? And what will that identification look like in the future? In this article, we will discuss current malware detection methods and the future of malware identification. Plus, provide insight into the role machine learning can play moving forward.

Read More

sitelock reviews

SiteLock Helps Publication Increase Online Presence After Malware Attack

Background

As a publisher, editor, and fan of the bucking bull industry for over 20 years, Terry Lidral brought her passion for ranch and rodeo to life by creating www.buckingstocktalk.com. The online magazine is dedicated to keeping bucking stock enthusiasts informed with monthly updates on industry news.

Read More

Tales of A Cybercriminal’s Treasure: A Guide to Website Security [Infographic]

What does a pirate attack on a celebrity yacht and a website compromise have in common? Read our infographic to learn the unprecedented parallels between how stealthy pirates stole from a yacht during a high-profile party, and how cybercriminals are increasingly sneaking their way into websites for self-serving purposes, like to steal email addresses and credit card info they can resell on the black market.

Read More

WordCamp Jacksonville – A True All Things WordPress Conference

Last week I attended and spoke at the second annual WordCamp Jacksonville. It was my first time attending this camp and it didn’t disappoint. As the title of this post suggests, it seemed there was something for every type of WordPress user, and that’s not always an easy feat to achieve.

Read More

SiteLock Threat Intercept

Threat Intercept: Malvertising via JavaScript Redirects

This article was co-authored by Product Evangelist Logan Kipp.

THREAT SUMMARY

High Threat
WordPress Website Security Threat Level
Learn More

Category: Malvertising / Malicious Redirect

Trend Identified: 5/17/2017

CVE ID: N/A

Trend Name: Trend El Mirage

Vector: Application Vulnerability, Multiple

The threat rating was determined using the following metrics:

Complexity:

MEDIUM: The vector used to infect websites appears to be through the use of leaked compromised passwords.

Confidentiality Impact:

HIGH: This infection provides complete control of the target website, including database content.

Integrity Impact:

HIGH: This infection provides the adversary administrator-level access to impacted website applications, making total data loss a possibility.


The SiteLock Research team has identified a trend of JavaScript injections causing the visitors of affected websites to be automatically redirected to advertisements without the knowledge of the website owner.

This infection impacts WordPress sites across all versions, but the affected websites identified at this time all show evidence of recent infection by a fake WordPress plugin that performed malicious redirects as well. The previous infections were determined to have been distributed via a botnet using a database of leaked login credentials, suggesting this new attack may similarly be accessing sites via compromised WordPress administrator credentials.

The malicious code becomes embedded into existing JavaScript files in the affected sites, ensuring that the code will be executed in visitors’ browsers regardless of their activity on the site.

The code as it appears in the injected files is obfuscated, which means it’s written in a way that makes it difficult for humans to read. This is the malicious script as it appears in the affected files:

WordPress Malvertising via JavaScript Redirects

Obfuscated JavaScript responsible for malicious redirects.

After decoding this file, we are able to determine the specifics of how it behaves:

WordPress Injected Javascript Malware

Decoded and formatted version of the injected JavaScript.

The redirect takes place immediately after loading a page including the infected JavaScript, after which a cookie is stored in the visitor’s browser called “csrf_uid” that expires three days after being created. The naming of this cookie is an attempt to hide in plain sight, as CSRF (Cross-Site Request Forgery) protection cookies are commonplace in many websites across the internet. While the cookie is active, no further redirects will take place. This provides two benefits to the attacker. First, the ad network will be less likely to identify suspicious behavior and flag the attacker’s account. Secondly, it makes the redirects more difficult to identify and duplicate by the sites’ owners and administrators, decreasing the likelihood that the specific infection will be identified and removed.

What is a website cookie?
Cookies are pieces of data that websites store in your browser for later use. Sites use cookies for a number of legitimate reasons, from storing login sessions to analytics of how users are browsing the site.

Fortunately, despite the nature of these redirects, no malicious activity has been identified in the advertisements themselves, meaning a system infection occurring after these redirects is unlikely.

Because the attack vector of this infection appears to be leaked login credentials from unrelated data breaches, it is very important to ensure that strong password policies are in place on your site. Avoid using the same password across multiple locations to prevent one service’s breach from exposing your accounts elsewhere. If you determine that your data has been part of a publicized breach, change your passwords immediately. Also, consider using a breach checker to identify if your email address has been associated with any public data breaches in the past, as this would be a major indicator that password changes will be necessary for your accounts.

If you are a website owner and you believe your website has been impacted by this infection, contact SiteLock as soon as possible at 855.378.6200. Our SMART scan began rapidly identifying and cleaning instances of this infection within 24 hours of being initially identified.

Read More

SiteLock Threat Intercept

Threat Intercept: Passwords Publicly Exposed by Malware

This article was co-authored by Product Evangelist Logan Kipp.

THREAT SUMMARY

High Threat
WordPress website security threat level
Learn More

Category: Shell / Information Disclosure

Trend Identified: 4/20/2017

CVE ID: N/A

Trend Name: Trend Tusayan

Vector: Application Vulnerability, Multiple

The threat rating was determined using the following metrics:

Complexity:

LOW: The vectors used to infect websites appear to be well-documented vulnerabilities in older versions of website platforms.

Confidentiality Impact:

HIGH: This infection provides complete control of the target website, including credential disclosure and database contents.

Integrity Impact:

HIGH: This infection provides the adversary administrator-level access to impacted website applications, making total data loss a possibility.

The SiteLock team has discovered a dangerous malware trend that not only provides website administrator level access to the bad actors involved, but exposes sensitive website credentials publicly over the internet.

Read More

WordPress Auto Login and Obfuscated Code

Malware comes in a great deal of unique shapes and sizes.  Most people know someone who has had the misfortune of an infected computer at some point. Ransomware, trojans, and viruses that affect consumers’ physical devices are generally built with compiled code, which means you can’t easily “take a look under the hood” to get a solid idea of how it works.

The types of malware we work with at SiteLock behave a little differently, however. The web-ready files we encounter most frequently are written in Interpreted Languages like PHP and JavaScript. This means that the files involved contain plain, human-readable code, allowing anyone who understands the language to see what the files do.

Read More

AskSecPro: Feature-Based Malware Detection

Last year we published an #AskSecPro series where we explained how signature-based malware analysis works, as well as how traditional signatures are created. An area we don’t often talk about in public channels, but has played a pivotal role in SiteLock becoming a global leader in website security solutions, is our research and development efforts in new security technologies. In addition to our more traditional approaches to malware detection, SiteLock continues to explore new frontiers in technological improvement to push the field of security research forward. For some time SiteLock has been developing machine learning mechanisms as part of its process for discovering new malware iterations on an automatic basis. Our research in the field has shown that machine learning promises to be an important part of early malware detection and preliminary identification. One of the most significant breakthroughs we’ve had in machine learning as it pertains to malware detection and signatures, has been in feature-based signature analysis.

Read More

Page 1 of 2

Powered by WordPress & Theme by Anders Norén