Posted by Sam Leeson on Thu, Jun 17, 2010 @ 03:22 PM

While reading through blog posts this morning I was greeted with this one from Acunetix identifying reasons why consumers should be wary of "[hopping] aboard the Web Vulnerability Scanning bandwagon." Their article raises several valuable reasons as to why deciding to repair your own system may be more harmful than helpful. What the article did not describe was why services like ours at SiteSecurityMonitor.com are an essential tool for large and small companies alike.
When you register with SSM you can be sure that you are not only scanning for website vulnerabilities within your own system but also that you are seeking out and identifying malware that may have infected your entire network. Because the whole focus of SSM is to be able to identify malware and vulnerability issues within the sites of our clients we are able to direct all of our resources to continuously update and remedy the ever-increasing number of viruses set to damage a website.
Certainly I can support the idea that Acunetix raises about how easy it is to find, buy and use an "outdated, unproven, ‘free' scanner" and that's why we are here. There are so many options out there that it can feel overwhelming to know where to begin to look for help. That said, these days with the media outlining how easily hackers seem to be getting a hold of large companies like Adobe and Apple's iPad then why wouldn't you be anxious about the safety of your own website?
If you aren't sure about the services we offer then I encourage you to give us a try before you commit. Fill out the "Get A Free Scan" form on the right side of this page and let us tell you what we find. According to clients like Jack Summers, of Radioworld.ca, the research shows that "SSM earned high marks are the most community-oriented and helpful solution in the [malware and vulnerability scanning] industry." Let our service speak for itself.
Posted by Jason Remillard on Mon, Mar 08, 2010 @ 08:07 AM
Much like Mr. Reagan, we need to trust but verify.
Very interestingly enough, in the past five or six days we have been detecting ad networks including Google Adsense, Adultadwords, and Adbrite allowing malware-laden ads on their networks. We are not the only ones who have identified this issue, check out the following links for more information about them:
Google Adsense distributes malware - Google blocks own publisher!
AdultAdWorld (AAW) - distributes malware - doesn't answer the phone
This highlights a major issue that we have been discussing for a long time with all of our customers -- that is, the need for ongoing Malware detection scanning. Your site might be nailed down. Your site might be clean from SQL injection, Apache flaws, cross site scripting, and the myriads of other issues associated with open source and custom developed software. However if you run any sort of ad network, widgets, or anything else that inserts code from other sites you are running a major risk.
In these cases you are a very simple publisher. You trust your ad network since they are your partner. And now those lovely people are inserting Malware into your site.
Looking further, although humorous but serious, Adsense itself inserted malicious ad code into a customer's website -- and then proceeded to ban them and slapped the nasty Malware alert window on this poor bugger's website.
Now, how are you going to react in this sort of scenario? I'd be interested in your comments; however, at the end of the day you have to trust somebody, and I like trusting by verification -- and in this case we use several third parties for our validation services since I don't trust any one on its own.

That is our commitment to you as a client of sitesecuritymonitor.com. We bring the best of breed to you, from a solution perspective, from a resource perspective, from a research perspective.
Again, I am interested in any comments regarding this subject -- it is very unfortunate that the Malware purveyors have chosen to attack this vector to distribute their wares, but did you really expect them to stop? We certainly didn't.
Is Google Adsense a Trojan horse itself?
Posted by Jason Remillard on Thu, Jan 21, 2010 @ 11:32 AM
I came across a great question in LinkedIn a few weeks past, and took the opportunity to document basically what it is, in a simple version: (and it was voted the best answer! :)
Question:
What is an ‘SEO poisoning attack’?
SEO poisoning attacks are primarily attacks on popular websites using XSS or cross server scripting. IFrame viruses also act like this. Iframe are the most dangerous viruses that attack websites online through low server or FTP password leakage. These viruses then target different websites which contain some exploit matters, images and content.
Answer:
This is a sophisticated attack that is being perpetrated on a daily basis. (We just had one of these this week).
Basically, the hacker includes a script (in apache config, in your Wordpress blog, htaccess, etc.) that says: if the incoming user agent = googlebot, etc., SEND THEM here. If it's not, display that site.
So in my customer's example, all of his SEO rankings were showing porn, Viagra, etc. But to end users, the site worked just fine. So when Google crawled his site, Google was redirected to other content. Google indexes it, and moves on. So now, ALL of your SEO for your site is showing indexed data for the porn site. Keep in mind as well, the Google Malware alert was NOT displayed to end users. So they tricked Google twice here - once on the SEO rankings, secondly the Google Malware detection system. Seems they don't test the malware NOT using the googlebot user agent - otherwise it would've been detected. 
Even worse now, the one we dealt with last week, was operating a ‘webring’ of sorts. That is, the sites referred to each other as well. These cracked sites were thus increasing the SEO value of the porn links exponentially as the ring grew (as more infected sites were added). This was growing at approximately 30 sites a day.
The main ‘benefit’ here is that Google indexes this hacker's site, using your backlinks, etc. to your site to grow his SEO value.
Seems like everyone wants a good ranking from Google :-/
Unfortunately, this is a sophisticated attack, and usually has many layers (in this case, the redirects were in 4 different places, and took us hours to find).
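A defender-side check for the rule pattern described in this answer, as an added example that is not part of the original post: it scans Apache or .htaccess text for a RewriteRule that only fires for a crawler User-Agent and points at a foreign host. The crawler token list, the host names and the sample config are constructed for illustration.

```python
import re

# Crawler tokens to look for in User-Agent conditions (assumed list for this example).
CRAWLER_TOKENS = ("googlebot", "bingbot", "slurp", "baiduspider", "yandex")

UA_COND = re.compile(r"^\s*RewriteCond\s+%\{HTTP_USER_AGENT\}\s+(\S+)", re.I)
ANY_COND = re.compile(r"^\s*RewriteCond\b", re.I)
RULE = re.compile(r"^\s*RewriteRule\s+\S+\s+(\S+)", re.I)
ABS_URL = re.compile(r"^https?://([^/:\s]+)", re.I)

def find_cloaking_rules(config_text, own_hosts):
    """Return (line_no, ua_pattern, target) for every RewriteRule that only
    fires for a crawler User-Agent and sends it to a host outside own_hosts."""
    own = {h.lower() for h in own_hosts}
    findings = []
    crawler_cond = None  # UA pattern attached to the next RewriteRule
    for line_no, line in enumerate(config_text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue
        m = UA_COND.match(line)
        if m:
            if any(tok in m.group(1).lower() for tok in CRAWLER_TOKENS):
                crawler_cond = m.group(1)
            continue
        if ANY_COND.match(line):
            continue  # other conditions belong to the same upcoming rule
        m = RULE.match(line)
        if m:
            host = ABS_URL.match(m.group(1))
            if crawler_cond and host and host.group(1).lower() not in own:
                findings.append((line_no, crawler_cond, m.group(1)))
            crawler_cond = None  # conditions apply to one rule only
    return findings

# Constructed sample: one legitimate canonical-host rule, one injected rule.
SAMPLE_HTACCESS = r"""RewriteEngine On
# force canonical host name
RewriteCond %{HTTP_HOST} !^www\.shop\.example$ [NC]
RewriteRule ^(.*)$ https://www.shop.example/$1 [R=301,L]
# injected block: only search-engine crawlers are sent elsewhere
RewriteCond %{HTTP_USER_AGENT} (googlebot|slurp) [NC]
RewriteRule ^(.*)$ http://spam.invalid/landing [R=302,L]
"""

if __name__ == "__main__":
    for hit in find_cloaking_rules(SAMPLE_HTACCESS, {"www.shop.example"}):
        print("suspicious rule at line %d: UA %s -> %s" % hit)
```

Because the redirects in the case above sat in four different places, a check like this has to be run over every server config and .htaccess file under the web root, and it does not cover redirects placed in application code.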
Posted by Jason Remillard on Wed, Jan 20, 2010 @ 07:28 AM
While I try not to be so graphic with my comments, I can’t help but feel CSI-esque lately with all of these hack attacks.
So here we go again. This time, it's CITI. Just reported today by marketwatch.com, Citigroup's stock sank significantly based on the rumor that Citigroup suffered a hack attack that led to millions of dollars of client losses.
Now for the record, at this point, Citigroup denies the allegations. However, the Wall Street Journal broke the story themselves earlier today.
Anyways, no matter who did what, when, to whom, let's look at the splatter here:
1) Stock drops
2) Customers start to call in
3) Customers who smell anything out of the ordinary will call in
4) Customer worry, risk and otherwise confidence in the internet and banking as a whole suffer
I’m sure the community will come up with more than my simple list above, but it is safe to say there is SOME impact, material or not, to Citigroup and the industry as a whole.
UPDATE: Now CNET reports it as well, but with denials from Citigroup