Posted by Jason Remillard on Tue, Jul 13, 2010 @ 08:58 AM
Responding to increased attacks and more sophisticated approaches by hackers, effective immediately ALL subscription packages from SSM will now be scanned for Malware at minimum TWICE a day.
Higher level packages will have the sites subjected to the scans three or more times a day. We are finding with external or even internally hosted ad networks, the prevalence of Malware insertions is increasing. As well, we are trying to confirm, but it looks like our friendly googlebot is getting more aggressive on the Malware detection stance as well, potentially putting your site at a higher risk of being 'caught' by Google.
So, at no extra cost, we've increased the frequency of all scanning options, and expect this to continue onwards.
PS> Don't forget to check out our latest product addition - The Secure WordPress Plugin - now with over 160,000 Direct INSTALLS!
Posted by Sam Leeson on Mon, Jun 14, 2010 @ 03:30 PM
If your day starts anything like mine then you open up your favourite RSS feeder and filter through a significant number of blog posts and newspaper articles related to hacking, hacker, malware and website infection. In fact I am able to be specific enough with my reader to have it show me whenever people write to Google, Badware Busters, LinkedIn, etc. to ask what they should do when their site has been flagged as being harmful or potentially dangerous. And I am able to direct the infected parties toward the SiteSecurityMonitor's web site and free initial scan.
In the past SSM customers would register for the free scan, see what a boon having the protection and seal of protection was for their site and many would become members and pay to have a regular system analysis performed. Once they became our customers then they would receive a regular report to let them know where their site housed infections or vulnerabilities. We all know what happens when a website gets hacked.
As Regina Smola, WordPress Security Expert, suggests, "it puts the webmaster in a tailspin, wondering what to do and what files have been infected. It puts the webmaster at risk of infecting their site visitors, getting blacklisted from search engines, and losing their website's trust and reputation. A hacked website requires an immediate response... detect, clean and close the vulnerabilities."
We have found our customers want the scan done and then, once they have made the necessary repairs to their content, they are interested in ensuring they have removed all of the malware. They want another scan done sooner rather than later. In the past SSM offered the scan to be completed on a regularly set schedule and the customer would have to wait to have a chance to see if they were in the clear. Now we have a new option for SSM service users; a rescan button right on your My Site Reports page.
This is just the latest way that we can meet the needs of our growing client base. Smola, an SSM customer since [date] continues to be a fan of our services too. She encourages WordPress users to have their "website scanned at Site Security Monitor" and adds that it is the "first step to a safer and successful website."
Posted by Sam Leeson on Mon, Jun 07, 2010 @ 11:18 AM

Everywhere we turn in the recent weeks we are reading articles, blog posts and social media updates about frustrations consumers are having with Adobe products. This comes in light of the Kaspersky Lab report titled "Information Security Threats In the First Quarter of 2010" indicating that Adobe products are the number one choice for hackers and virus writers around the world. Adobe went so far as to announce, late Friday, that they know about the holes being exploited in their Flash Player and indicated that, as yet, a patch was not available.
What I glean from the comments I've read is that individual consumers are surprised that their sites are being targeted just as frequently as the "big companies." Too often we make the assumption that because we are small, we are inconsequential and therefore uninteresting and unappealing to the hackers and malware-spreading individuals of the world. This is no longer the case. The people who are looking for targets generally have plenty of time and patience on their side so they can hit anyone with access to the internet through blog posts, website visits, or click-through ads. Many of these sites utilize services offered through Adobe and other "big name" companies and so if there is already a vulnerability there, you are unwittingly subjecting yourself and anyone who visits your site to an attack. J. Sadowsky, from http://www.partyinnovations.com/ thought he was protected by using McAfee security solutions but only managed to become completely free of site attacks when he began our program utilizing both the malware detection coupled with our vulnerability scanning services.
Regina, from WPSecurityLock, makes every effort to ensure that blog writers using the WordPress platform have all of the information they require to keep their posts safe from attack. Regular readers of her site will also note that she even writes about any potential exploitation she comes across.
Do not assume that simply because you are small, you do not have power. Be it good or bad, you wield more power than you think.
Posted by Sam Leeson on Thu, Jun 03, 2010 @ 03:41 PM
It's a sad statement to make that anyone can become a hacker with a few dollars and the right contacts. A simple email will allow anyone with the means access to credit card numbers, addresses, and all of your personal information. One blogger went so far as to label this industry as "fraud-as-a-service."
It's easy for individuals who have not been hacked to believe services like ours at SiteSecurityMonitor.com to be redundant. What started out on floppy disks in the 90's moved to email Trojans towards and through the move into the new millennium. These days websites are the most common place hackers target. Clients with ads and other additional click-through links are especially vulnerable.
We go out of our way to instil confidence in the consumers who use our services by generating regular reports for them letting them know exactly what malware their site has been infected with and where their site is vulnerable to future attacks.
In fact our customers are the first to let us know that the services we offer surpass what they thought was available to them.
Posted by Jason Remillard on Wed, May 12, 2010 @ 02:40 PM
Thought you were safe in the forest this spring?
As reported yesterday, and now reinforced by our friends at wpsecuritylock.com, the GoDaddy malware infections continue to grow, and now seem to be spreading across different hosters and newly targeted applications.
Not only WordPress installs are being affected, but now Joomla and 'standard' html-based websites. This lends more credence to our initial diagnosis that these hacks are actually the result of a platform-based attack, and spreading from the 'inside'.
More details will be released as we learn more. In the meantime, if you are affected, please follow the instructions here and/or make sure you get a free malware/vulnerability scan here.
Posted by Jason Remillard on Wed, Mar 31, 2010 @ 12:05 PM

As reported in the past few days, a site selling Durex condoms has had a small 'exposure' problem. As reported, the site had been suffering (time length unknown) from several basic security exposures, including even allowing orders to be viewed online, without a login - simply by changing the order number!
I know that this is a 'simple' mistake, but come on folks.. This isn't 1998 where you wrote apps in MS-access and wrapped a report around it! This is (was?) a fully fledged shopping system, with um...confidential information regarding previous orders (hmmm.....size...color...flavors???)
According to the lawsuit, the company took quick action to pinch off the problem, but who knows how long the problem was exposed? What is more interesting to me, is that this problem was found by an unsophisticated user. I mean, he wasn't a cracker, malware engineer or depth-defying trojan writer. He was a customer that said, "Hmm... I wonder".... Perhaps we can all take a lesson from this scenario and consider thinking not just outside of the box with security, but also using, I suppose, accidental techniques to test services and applications. I'm sure my tester friends have a technical term for this, but it just goes to show that sometimes 'what if' is a testing parameter.
Usually conversations in this context deal with adult-content oriented websites - those are usually the first and most often attacked. Considering this case, things are a little different but no less important - the last thing you want is your customer information all piled up in someone else's control.
On a better note, our facebook group seems to be cooking now, over 170 fans now. Even better, our WordPress Security Plugin is getting great play - over 500 Installs now!
Posted by Jason Remillard on Sun, Jan 24, 2010 @ 11:55 AM
Malware Infection, Cleanup and Vulnerability Analysis and Consulting Services…
ALERT: TRUE STORY BELOW..
Want to understand how simple it is to secure your site? Sure, we’ll take a real customer example from this week to document the story.
(Names and Certain Elements removed to protect confidentiality)
Context:
Large financial news information site that was recently infected several times. Running an older (but not so old) version of WordPress. Established site, running for years, great following.
Attacks:
Several different approaches, including a desktop infection, which then infected the site. Infections spread internally from there.
Impacts:
Malware was being distributed to its 2000+ unique viewers a day. Due to the depth of the attack, Google has reindexed the site with all of the pornographic and male-enhancement site links, meta tags, etc. Effectively, the site (and business) is in bad shape, SEO results are suffering.
The Approach:
Customer signed up for a free scan, which resulted in the 1st metric on the chart below (roughly 1,640 High and Medium Vulnerabilities) – Keep in mind, this is a fairly large site.
The customer took the recommendations and executed some of them (upgrading WordPress being the first). After contacting our support group, we went through the rest of the report, and summarized the findings and recommendations.
Luckily the Malware Alert Attack Site! flags have been removed from most browsers..
Conclusion:
As a result, we’re now down to 2 high severity issues, and about 70 medium severity. Direct Malware injections were removed. Now we’re going through the last steps to remove the last stragglers of the infection, (some things are set to reinfect after removal, etc.), and CLOSE THE DOORS on the site.
We’ll wrap up the work in a day or so, and the customer will be free from the existing hacks, and we will be monitoring his site on a daily scan basis (for both vulnerabilities and Malware) for the next few months.
Actual Screenshots from the Reporting Tool @ SiteSecurityMonitor.com

We have summarized the vulnerabilities detected over time (added medium and high priority issues) in order to give you a snapshot of your performance over time
Total Issues: Below are the issues detected on this scan, and the last scan.
Previous scan: 2009-11-30 xxxxxx AM. Latest scan: 2009-12-03 xxxxxx AM.
Posted by Jason Remillard on Thu, Jan 21, 2010 @ 11:32 AM
I came across a great question in LinkedIn a few weeks past, and took the opportunity to document basically what it is, in a simple version: (and it was voted the best answer! :)
Question:
What is an ‘SEO poisoning attack’?
SEO poisoning attacks are primarily attacks on popular websites using XSS or cross server scripting. IFrame viruses also act like this. Iframe are the most dangerous viruses that attack websites online through low server or FTP password leakage. These viruses then target different websites which contain some exploit matters, images and content.
Answer:
This is a sophisticated attack that is being perpetrated on a daily basis. (We just had one of these this week).
Basically, the hacker includes a script (in Apache config, in your WordPress blog, htaccess, etc.) that says: if the incoming user agent = googlebot, etc., SEND THEM here. If it's not, display that site.
So in my customer's example, all of his SEO rankings were showing porn, Viagra, etc. But to end users, the site worked just fine. So when Google crawled his site, Google was redirected to other content. Google indexes it, and moves on. So now, ALL of your SEO for your site is showing indexed data for the porn site. Keep in mind as well, the Google Malware alert was NOT displayed to end users. So they tricked Google twice here - once on the SEO rankings, secondly the Google Malware detection system. Seems they don't test the malware NOT using the googlebot user agent - otherwise it would've been detected. 
Even worse now, the one we dealt with last week, was operating a ‘webring’ of sorts. That is, the sites referred to each other as well. These cracked sites were thus increasing the SEO value of the porn links exponentially as the ring grew (as more infected sites were added). This was growing at approximately 30 sites a day.
The main ‘benefit’ here is that Google indexes this hacker's site, using your backlinks, etc. to your site to grow his SEO value.
Seems like everyone wants a good ranking from Google :-/
Unfortunately, this is a sophisticated attack, and usually has many layers (in this case, the redirects were in 4 different places, and took us hours to find).
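Because the cloaking described in this answer keys on the crawler's user agent, one defensive check is to request the same page as a browser and as Googlebot and compare the two responses. The sketch below is an added example, not code from the original post or from SiteSecurityMonitor; the user-agent strings, the function names and the constructed sample responses are assumptions.

```python
import re
import urllib.error
import urllib.request
from urllib.parse import urlparse

# Assumed user-agent strings for the two views of the page.
BROWSER_UA = "Mozilla/5.0 (X11; Linux x86_64; rv:115.0) Gecko/20100101 Firefox/115.0"
CRAWLER_UA = "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
LINK_RE = re.compile(r"""(?:href|src)\s*=\s*["']https?://([^/"'\s:]+)""", re.I)


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None  # do not follow: the 3xx itself is the evidence


def http_fetch(url, user_agent):
    # Returns (status, Location header or None, body) without following redirects.
    opener = urllib.request.build_opener(_NoRedirect)
    req = urllib.request.Request(url, headers={"User-Agent": user_agent})
    try:
        resp = opener.open(req, timeout=15)
        status = resp.status
    except urllib.error.HTTPError as err:  # unfollowed 3xx and 4xx/5xx land here
        resp, status = err, err.code
    body = resp.read().decode("utf-8", "replace")
    return status, resp.headers.get("Location"), body


def external_hosts(body, site_host):
    # Hosts linked or embedded in the page, excluding the site and its subdomains.
    hosts = {h.lower() for h in LINK_RE.findall(body)}
    return {h for h in hosts if h != site_host and not h.endswith("." + site_host)}


def cloaking_findings(url, fetch=http_fetch):
    # Compare what a browser is served with what the crawler is served.
    site_host = (urlparse(url).hostname or "").lower()
    b_status, b_loc, b_body = fetch(url, BROWSER_UA)
    c_status, c_loc, c_body = fetch(url, CRAWLER_UA)
    findings = []
    if (b_status, b_loc) != (c_status, c_loc):
        findings.append(f"status/redirect differs: browser={b_status} {b_loc}, "
                        f"crawler={c_status} {c_loc}")
    extra = external_hosts(c_body, site_host) - external_hosts(b_body, site_host)
    if extra:
        findings.append("crawler-only external hosts: " + ", ".join(sorted(extra)))
    return findings


def sample_fetch(url, user_agent):
    # Constructed responses standing in for an infected site (no network needed).
    if "Googlebot" in user_agent:
        return 200, None, '<a href="http://pills.example.net/buy">x</a><a href="/about">About</a>'
    return 200, None, '<a href="/about">About</a><img src="http://cdn.example.org/l.png">'


if __name__ == "__main__":
    print(cloaking_findings("http://www.shop.example.com/", fetch=sample_fetch))
```

An empty result only clears user-agent cloaking; redirects keyed on the crawler's source IP address or on the Referer header need a different vantage point.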
Posted by Jason Remillard on Wed, Jan 20, 2010 @ 08:22 AM
One big thing that is missing from this industry is empirical trend data that supports the TRUE risks and costs associated with hacking and malware infections. To date, we’ve written quite a lot about customer-specific impacts when they are infected… The ‘results’ run the gamut of 1000’s of dollars of losses over time, loss of SEO rank, customer reputation, etc. However, one part that has been missing is the true impact around the realm of supporting actors in these instances.
For example, if there is a site that is infected with a simple malware redirect. Instead of only looking at the impacts directly to the website owner (which are onerous enough!), we’re starting to look at the impacts to the service providers for that customer.
It's not just the webhoster. It's the affiliates for that site that may lose sales. It's the adnetwork that is presented on that site that receives negative feedback for the ads being present on an infected site. It's the content readers that also receive the infection, or are impacted by the reduction in traffic. It's the direct advertisers that are affiliated with the website, that are now also negatively impacted on either/or image, reputation or traffic perspectives.
So we here at SSM are undertaking a small series of end-user surveys (specifically those that were impacted) about their total ‘experience’ with the solution. Questions like: Who did you call first? How were you told? Did your SEO rankings take a hit? Was your webhoster helpful? Did you switch hosts/designers/products based on the infection? What other steps have you taken, etc.?
Thus far (early in our survey), some interesting facets have already arisen.
Primarily:
1) Clients learned of their defacement primarily through their customers or colleagues. Because they don’t regularly monitor their site, they had no idea that they were infected.
2) Their web host provider was NOT helpful, not beneficial during the resolution process. Surprisingly enough, only a small percentage ’switched’ providers due to this.
3) Google was their main source of information on this issue, but the information was confusing, not really related, and generally was unhelpful overall.
We will be publishing more results as the data becomes more solid. We are still running the survey, so if you (or someone you know) went through this very personal hell, please forward them this survey link URL: http://surveys.verticalresponse.com/a/show/527087/2a7f185d4a/0
(securely hosted by vertical response – anonymous is ok too!)
-Jason
Posted by Jason Remillard on Wed, Jan 20, 2010 @ 07:40 AM
For some light humor!
1) You really enjoy waking up in the morning with your coffee, hitting your homepage, and finding a new page marketing ‘special offers’ for ‘enhancement’ products… You spill your coffee, burn…ouch.
2) You just love getting a hosting bill showing your site had somehow managed to use 4 terabytes of data last month, even though your site is actually just 3 small pages.
3) You appreciate the Friday afternoon calls from 2 of your largest customers, saying that they are switching to your competitor due to some aggressive marketing they’ve received… Hmm, wonder how your competition knew how many kitty trinkets your biggest customer ordered last week?
4) You relish the thought of not being able to send your weekly newsletter to your regular customers, since, for some reason, no emails are getting through and your hosting provider says you sent 1,540,098 emails in the past hour marketing Acai Beans. You sell catnip toys… Interesting.
5) You’ve had approximately 38.56 different people help you with your website, you’ve changed hosters 6 times, and attempted to change the registrar of your domain three times but gave up. You know what they say about too many cooks…
6) That great freeware guestbook system written by a kid in Slovakia with a name you can’t even pronounce you thought was really neat in 2003 is actually still on the site, but you’ve long forgotten about it being there. Google and the scammers didn’t forget though…
7) One of your designers installed a patch for your shopping cart 2 years ago and had problems. After googling for a solution for a few hours with no results they decided to chmod 777 * a few large directories. Voila, it works! And that’s the way it’s been for 2 years now. Lovely.
8) You enjoy explaining to your customers how their private information is now front page news, or worse, with their ex-wife’s lawyer!
9) The thought of having the marketing list you paid $10k for last year available to anyone is something you enjoy. Sharing and collaborating, that’s what the net is all about, right?
10) You enjoy negotiating with a faceless individual from somewhere overseas that speaks like this “u will knot get ur d8a bck ever again unlezz u pay $80.000 dollarz.”. It wasn’t just your corporate data, it was your friends and family as well… Ouch.. Get that wire transfer ready.
11) Finally... The end of the pain. Perhaps not. On top of all of the great ‘side effects’ of not scanning your website – You get sued, your family gets sued, and now the ‘authorities’ are looking into your business activities — because — surprise, surprise, there are laws surrounding data protection. Your business is kaput, your staff is leaving in droves, and everything you’ve worked for for years now is gone. You thought you were diligent in picking a hosting provider, team members for the design and development and other folks for the rest of your business. However, when it came to someone offering you a fresh set of eyes on your site, you said no. No, we’re ok. We check. We’re fine. You thought website security scanning was like insurance. Perhaps it is. But we all miss it when we need it. In this case, you need it before you actually really need it. Because, by then, it’s too late.