Research Blog

.htaccess redirections to software-boss.ru and programmengineering.ru

Just an update to the .htaccess redirections attacks that we have been tracking for the last few days (most of them to .ru domains).

 
Those are some of the domains being used right now:

 

http://software-boss.ru/grammar/index.php
additionalprofit.ru
boss-united.ru
clear-agent.ru
clearagent.ru
face-apple.ru
fightagent.ru
power-update.ru
programmprofit.ru
software-boss.ru
syntaxswitch.ru
window-switch.ru
http://powerprogramm.ru/make/index.php
http://jaobsofterty.ru/in.cgi?2
http://programmengineering.ru/check/index.php

It is happening on WordPress and Joomla sites, but can affect any web site, since they are getting access to sites via stolen passwords. Once in there, they modify the .htaccess file to redirect users to malware domains (and search engines for SEO). In some cases, the code is injected in the index.php file:

 

Sucuri identifies this malware in our scanner: http://sitecheck.sucuri.net

 
Our support team can clean it up for you if you are infected. Sign up with us here: http://sucuri.net/signup and we will get it sorted out pretty quickly.

 
If you have any question, let us know (support@sucuri.net).

 

Client Love

Customer satisfaction is our top priority and our clients can confirm. Check out some real recommendations from real clients.
   
   

Scan your website FOR FREE