We are seeing a large number of sites compromised with a conditional redirection to the domain http://enormousw1illa.com/ (194.28.114.102).On all the sites we analyzed, the .htaccess file was modified so that if anyone visited the site from Google, Bing, Yahoo, or any major search engine (by checking the referer), it would get redirected to that malicious […]
We are seeing many sites hosted on GoDaddy shared servers getting compromised today (and for the last few days) with a conditional redirection to sokoloperkovuskeci.com. This is what it looks like on our scanner: Suspicious conditional redirect. Details: http://sucuri.net/malware/entry/MW:HTA:7 Redirects users to:http://sokoloperkovuskeci.com/in.php?g=1105 This is caused by this entry that is added to the .htaccess file […]
Attackers have been using the .htaccess file for a while. They use this file to hide malware, to redirect search engines to their own sites (think blackhat SEO), and for many other purposes (hide backdoors, inject content, to modify the php.ini values, etc).Why do they use the .htaccess file? For multiple reasons. First, the .htaccess […]
Latest Comments