Sucuri Labs Weekly Review – June 22nd – 2012
Have you checked out Sucuri Labs? We have been adding a daily feed of the top web-based malware
samples that we find every day, and the number of compromised sites as well.
We separate the data into three main categories:
- Hidden iframes
- Conditional redirections (generally done via .htaccess)
This helps us understand how sites are getting compromised and how the malware is being executed in the browser.
Here are a few samples of the daily feed:
As for the top offenders this week, here you go:
- http://onmouseup.info/stats.php – .htaccess redirection that affected a couple hundred different web sites.
- http://rec-creations.com/adv.php – Malicious iframe that has been active for a few weeks. And we keep seeing it.
- http://google-adsens.com/in.cgi?2 – Malicious iframe to this domain pretending to be from Google. It is offline right now, but we keep finding sites compromised with it.
- .ru redirections – Those have been going for many months, but they are still live. Some of the domains are listed here: estra-talos.ru
For more details, just visit Sucuri Labs to see the dump for each day.