Unwanted ads are one of the most common problems that site owners ask us to solve. Recently, we’ve noticed quite a few requests to remove intrusive “shorte st” ads that they never installed on their sites themselves. My colleague Denis Sinegubko of UnmaskParasites helped to investigate this case. Shorte[.]st is a service that hijacks links, More Info »
Tag Archives: malvertising
vBulletin Used to Show Malicious Advertisements
In the past, we have seen a massive amount of vBulletin websites compromised through the VBSeo Vulnerability. Attackers have been infecting vBulletin websites since 2012 with this malware, and more recently with a new variation of the same infection. Ever since this new development, the table datastore in vBulletin has been a prime candidate for More Info »
WordPress Security – Fake TrafficAnalytics Website Infection
Several months ago, our research team identified a fake analytics infection, known as RealStatistics. The malicious Javascript injection looks a lot like tracking code for a legitimate analytics service. RealStatistics even set up fake analytics websites designed to trick webmasters who took a few steps to investigate the unfamiliar script. Recently, a new variation of More Info »
Injection of Unwanted Google AdSense Ads
During the last couple of years, it has become quite prevalent for hackers to monetize compromised sites by injecting unwanted ads. They can be pop-up ads triggered when a visitor spends a certain amount of time on an infected page, or automatic redirection of mobile traffic to URLs that belong to ad networks. It’s not More Info »
Website Malware Targets Mobile Platforms
Navigating the web on a mobile device can be tricky even when you’re browsing clean sites. If hackers are involved, the frustration of a pop-up can turn into the dangerous possibility of harmful mobile malware. The increase in mobile internet browsing has prompted attackers to adapt their techniques, targeting mobile-specific platforms and distributing spam and More Info »
Cloned Spam Sites in Subdirectories
In a recent post, we covered how attackers were abusing server resources to create WordPress sites in subdirectories and distribute spam. By adding a complete WordPress CMS installation into a directory and using the victim’s database structure, attackers were able to inject ads and promote their products – a very bold move. This time around, More Info »
200k+ Parked/Expired Domains Used to Distribute Malicious Ads
Recently we wrote about domain renewal scams that used real paper letters to tricks site owners into transferring their domains and renewing them for 3-4x the normal price. However, this is not the only way to make money on expiring domains. Today, we’ll show you another questionable million-dollar business on expired domain names that hurts… More Info »
Nulled WordPress Themes: Malvertising and Black Hat SEO
If you have been following our blog for some time, you know that we regularly warn about risks associated with the use of third-party software on your site. A benign plugin may sneakingly inject ads into your site which cause malvertising problems for the site visitors (e.g. SweetCaptcha). Other plugins may be hijacked by hackers or… More Info »
New Wave of the Test0/Test5.com Redirect Hack
Last week we described the hack that randomly redirected site visitors either to a parked test0 .com domain or to malicious sites via the default7 .com domain. This week the default7 .com domain went down but the attackers returned with a new wave of site infections and the new redirecting domain – test5 .xyz (registered just a fewRead More Info »
Malicious Pastebin Replacement for jQuery
Website hackers are always changing tactics and borrowing ideas from each other. One of the challenges of website security is staying on top of those threats as they evolve. We wrote in the past about fake jQuery scripts and how hackers use Pastebin.com to host malware. This time, we will show you an attack thatRead More Info »
