Reverse Javascript Injection Redirects to Support Scam on WordPress

Over the last few weeks, we’ve noticed a JavaScript injection in a number of WordPress databases, and we recently wrote about them in a Sucuri Labs Note.

The campaign attempts to redirect visitors to a bogus Windows support page claiming that their computers are infected with ‘riskware’ and will be disabled unless they call what is an obviously bogus support hotline.

Google and several other web security vendors are currently blacklisting the domain; fortunately, most visitors will receive a warning page like this during the redirection process:

 

Tech Support Phone Scam

It’s worth noting that the phone number displayed on the page is auto-generated based on the URL that is supplied.

Continue reading Reverse Javascript Injection Redirects to Support Scam on WordPress at Sucuri Blog.

Source: Scuri check

How to Create Secure Passwords For Your Website

Have you ever had to sign up for a new account, but once the time came to create a password, your spirits dropped a little? It’s hard enough to remember one password let alone multiple passwords. Panic sets in as the security suggestions prompt you to add more numbers and unique characters. How am I going to remember this? Why does this even matter if I’m the only one who accesses this account?

We’ve written previously about the elements of a secure password, and the topic is still important today.

Continue reading How to Create Secure Passwords For Your Website at Sucuri Blog.

Source: Scuri check

Javascript Injection Creates Rogue WordPress Admin User

Earlier this year, we faced a growing volume of infections related to a vulnerability in outdated versions of the Newspaper and Newsmag themes. The infection type was always the same: malicious javascript designed to display unauthorized pop-ups or completely redirect visitors to spammy websites, which the hackers then monetized through advertisement views.

This month we noticed a very interesting variant of this infection. While still related to the same vulnerability on the same outdated versions of Newspaper and Newsmag themes, the malware has been designed to both inject malvertising and take over a WordPress website completely.

Continue reading Javascript Injection Creates Rogue WordPress Admin User at Sucuri Blog.

Source: Scuri check

Malicious Cryptominers from GitHub

Recently, a webmaster contacted us when their AVG antivirus reported that the JS:Miner-C [Trj] infection was found on their site.

Our investigation revealed a hidden iframe had been injected into the theme’s footer.php file:

wpupdates.github[.]io/ping/” style=”width:0;heigh:0;border:none;”>

When we opened the URL in a browser, the page was blank.

After checking the HTML source code, we discovered a piece of JavaScript using the CoinHive miner with the site key, CZziRExmOxYEE65Hm4E9fycCuNqZH1G9 and the username, MoneroU.
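A first-pass check for this kind of injection is to scan theme files for iframes that render with no visible size. The scanner below is an added example, not code from the original post; the sample footer, its `example.invalid` hosts and the function names are constructed for illustration. It keys on either dimension being zero, so a tag like the one above, where the `heigh` property is misspelled, is still caught through `width:0`.

```python
import re

IFRAME_RE = re.compile(r"<iframe\b[^>]*>", re.IGNORECASE)
# width/height/style attributes with double-quoted, single-quoted or bare values.
ATTR_RE = re.compile(
    r"""(?<![\w-])(width|height|style)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))""",
    re.IGNORECASE)
# CSS declarations that make a frame invisible.
HIDDEN_CSS_RE = re.compile(
    r"(?:^|;)\s*(?:(?:width|height)\s*:\s*0(?:px)?|display\s*:\s*none"
    r"|visibility\s*:\s*hidden)\s*(?:;|$)", re.IGNORECASE)

# Constructed sample of a theme footer.php; hosts are placeholders.
SAMPLE_FOOTER = """<footer><?php wp_footer(); ?>
<iframe src="https://player.example.com/embed/1" width="560" height="315"></iframe>
<iframe src="https://frames.example.invalid/ping/" style="width:0;heigh:0;border:none;"></iframe>
<iframe src="https://tracker.example.invalid/x" width="0" height="0"></iframe>
</footer>"""

def is_hidden(tag):
    """True if an <iframe ...> opening tag is sized or styled to be invisible."""
    for name, dq, sq, bare in ATTR_RE.findall(tag):
        value = (dq or sq or bare).strip().lower()
        if name.lower() == "style":
            if HIDDEN_CSS_RE.search(value):
                return True
        elif value in ("0", "0px"):
            return True
    return False

def find_hidden_iframes(source):
    """Return (line_number, tag) for every hidden iframe in a file's text."""
    findings = []
    for m in IFRAME_RE.finditer(source):
        if is_hidden(m.group(0)):
            line_no = source.count("\n", 0, m.start()) + 1
            findings.append((line_no, m.group(0)))
    return findings

if __name__ == "__main__":
    for line_no, tag in find_hidden_iframes(SAMPLE_FOOTER):
        print(f"footer.php:{line_no}: hidden iframe: {tag}")
```

Frames that are built at runtime by script or hidden behind encoded strings will not match; treat a clean result as one signal, not proof the theme is unmodified.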

Continue reading Malicious Cryptominers from GitHub at Sucuri Blog.

Source: Scuri check

Cloudflare[.]Solutions Keylogger on Thousands of Infected WordPress Sites

A few weeks ago, we wrote about a massive WordPress infection that injected an obfuscated script pretending to be jQuery and Google Analytics. In reality, this script loaded a CoinHive cryptocurrency miner from a third-party server.

We also mentioned a post written back in April that described the cloudflare.solutions malware, which came along with the cryptominers. At this moment, PublicWWW reports there are 5,482 sites infected with this malware. It seems that this evolving campaign is now adding keyloggers to the mix.

Continue reading Cloudflare[.]Solutions Keylogger on Thousands of Infected WordPress Sites at Sucuri Blog.

Source: Scuri check

Improving DKIM Compliance

Adopting DKIM can make a huge difference in how the email you send is perceived by recipients.  With DKIM you are taking ownership of an email by cryptographically signing each email.  Recipients then decode the signature to verify that you sent the email.  DKIM, in short, is like putting a wax seal on a letter that uniquely identifies you.

How can you improve DKIM compliance?

Get Informed

The first thing you need to improve DKIM compliance is a method to understand what your current compliance rate is.  To do this, you need to:

  1. Adopt DMARC.
  2. Have a method to parse and report on DMARC digests coming from inbox providers.

DMARC responses from inbox providers are often not-quite human readable and the larger the volume of email you send, the more complex the responses.  To parse these, you need a product that summarizes them and provides reports that you can understand.
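To show what such parsing involves, here is an added example (not MxToolbox code) that reads one DMARC aggregate report in the RFC 7489 XML format and computes the DKIM pass rate per sending IP. The sample report, its addresses and the function names are constructed for illustration; real reports usually arrive compressed and should be unpacked first.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample report (RFC 7489 aggregate format); all values are made up.
SAMPLE_REPORT = """<?xml version="1.0"?>
<feedback>
  <report_metadata><org_name>receiver.example</org_name></report_metadata>
  <policy_published><domain>example.com</domain><p>none</p></policy_published>
  <record>
    <row><source_ip>192.0.2.10</source_ip><count>120</count>
      <policy_evaluated><dkim>pass</dkim><spf>pass</spf></policy_evaluated></row>
  </record>
  <record>
    <row><source_ip>198.51.100.7</source_ip><count>30</count>
      <policy_evaluated><dkim>fail</dkim><spf>pass</spf></policy_evaluated></row>
  </record>
  <record>
    <row><source_ip>192.0.2.10</source_ip><count>30</count>
      <policy_evaluated><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row>
  </record>
</feedback>"""

def dkim_compliance(report_xml):
    """Return {source_ip: (messages, dkim_passes)} for one aggregate report."""
    # Reports come from third parties; in production use a hardened XML
    # parser (for example defusedxml) instead of the stdlib parser.
    totals = defaultdict(lambda: [0, 0])
    root = ET.fromstring(report_xml)
    for row in root.iter("row"):
        ip = row.findtext("source_ip", default="unknown").strip()
        # <count> is the number of messages this row summarises, not 1.
        count = int(row.findtext("count", default="0"))
        result = row.findtext("policy_evaluated/dkim", default="fail")
        totals[ip][0] += count
        if result.strip().lower() == "pass":
            totals[ip][1] += count
    return {ip: tuple(v) for ip, v in totals.items()}

def worst_senders(stats, threshold=0.95):
    """Source IPs whose DKIM pass rate is below threshold, worst first."""
    rated = [(passed / total, ip) for ip, (total, passed) in stats.items() if total]
    return [ip for rate, ip in sorted(rated) if rate < threshold]

if __name__ == "__main__":
    stats = dkim_compliance(SAMPLE_REPORT)
    for ip, (total, passed) in sorted(stats.items()):
        print(f"{ip:15} {passed}/{total} DKIM pass ({passed / total:.0%})")
    print("below threshold:", worst_senders(stats))
```

The `policy_evaluated/dkim` field is the receiver's DMARC verdict for DKIM, so a sender that signs with a key for an unrelated domain still shows up as a failure here.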

MxToolbox Delivery Center was designed to provide you with a complete understanding of who is sending email on your behalf and how your emails are performing with respect to SPF, DKIM and DMARC compliance and how likely your emails are to be rejected by inbox providers.

Get Control

Now that you have insight into which emailers are compliant, the second step to improving your DKIM compliance is to take control of the compliance of your internal emails and 3rd party emailers.

Investigate internal systems that might be sending email on your behalf and make sure that those systems are capable of signing outbound email with your DKIM signature.  These could be anything from marketing automation and sales systems to order entry, vendor management or customer support.  Regardless of whether they are home-grown or off-the-shelf, if the system is sending email, it needs to be DKIM compliant or the email may be rejected.

As with internal systems, you must take a look at external, 3rd party providers to understand if they can be DKIM compliant.  Most external providers can sign email with a DKIM key; however, email forwarders are much less likely to be DKIM compliant than bulk emailers or other 3rd party service providers.  Talk with each of them to set up DKIM compliant email.

Repeat

Getting DKIM compliant is not a one-time project, but an on-going process.  To ensure high levels of compliance long-term, you will need to:

  • Regularly check compliance rates
  • On-board new internal and 3rd party systems to be compliant
  • Set up processes to assess new applications and providers based on their DKIM support

MxToolbox Delivery Center gives you everything you need to analyze SPF, DKIM and DMARC compliance rates, identify problem internal services and external 3rd party providers and react to threats to your reputation where services are blacklisted or non-compliant.

Summary

DKIM compliance is an on-going process that requires regular investigation of DKIM compliance rates with tools that give you insight into the IP addresses and 3rd party tools and domains that are sending email on your behalf.


Source: MXtoolbox