Posted by Jason Remillard on Tue, Jul 13, 2010 @ 08:58 AM
Responding to increased attacks and more sophisticated approaches by hackers, effective immediately ALL subscription packages from SSM will now be scanned for Malware at minimum TWICE a day.
Higher-level packages will have their sites subjected to the scans three or more times a day. We are finding that with external or even internally hosted ad networks, the prevalence of Malware insertions is increasing. We are still trying to confirm it, but it also looks like our friendly Googlebot is getting more aggressive in its Malware detection stance, potentially putting your site at a higher risk of being 'caught' by Google.
So, at no extra cost, we've increased the frequency of all scanning options, and expect this to continue onwards.
PS> Don't forget to check out our latest product addition - The Secure WordPress Plugin - now with over 160,000 Direct INSTALLS!
Posted by Jason Remillard on Fri, Jul 09, 2010 @ 09:59 AM
--July 9, 2010.
SSM has officially taken over the support, stewardship and operational aspects of one of the leading security plugins for WordPress today.
"As part of our community outreach program, we decided to work with Frank to transition the plugin to our development team. With over 150,000 downloads since he started it, we felt that this would make a significant addition to our service repertoire", stated SiteSecurityMonitor.com founder Jason Remillard.
"SSM is a leader in the web security space, and I've known Jason and his team for a while now. I feel comfortable that SSM will continue to develop the plugin and provide great customer support for it", added the original developer of the Secure Wordpress plugin - Frank Bueltge.
Financial terms of the deal were not disclosed. Product management details are still being worked out, primarily whether this plugin code base will be merged with the original SSM plugin: WP Secure.
"Two things are certain in this deal: One, this plugin will continue to remain free to the community forever. Two, this plugin is an important step in protecting businesses from malware, security injections and other attacks. This product fits perfectly with our corporate mantra", continued Mr. Remillard.
Shortly the plugin will be revised to support two popular features from SiteSecurityMonitor.com - a free whole site Malware scan, and a complete Web Vulnerability and Penetration test. As well, all current and new customers will have access to the popular SSM Security Seal Program - this allows webmasters to put a security seal on their site demonstrating that it has been (or is being) scanned and protected from Malware.
Existing and new customers may download the plugin directly at: http://wordpress.org/extend/plugins/secure-wordpress/ or learn more about it at: http://www.sitesecuritymonitor.com/secure-wordpress-plugin/
For more information or interview requests, email sales@sitesecuritymonitor.com, or call: 888-451-3338
Posted by Sam Leeson on Mon, Jun 07, 2010 @ 11:18 AM

Everywhere we turn in recent weeks we are reading articles, blog posts and social media updates about frustrations consumers are having with Adobe products. This comes in light of the Kaspersky Lab report titled "Information Security Threats In the First Quarter of 2010" indicating that Adobe products are the number one choice for hackers and virus writers around the world. Adobe went so far as to announce, late Friday, that they know about the holes being exploited in their Flash Player and indicated that, as yet, a patch was not available.
What I glean from the comments I've read is that individual consumers are surprised that their sites are being targeted just as frequently as the "big companies." Too often we make the assumption that because we are small, we are inconsequential and therefore uninteresting and unappealing to the hackers and malware-spreading individuals of the world. This is no longer the case. The people who are looking for targets generally have plenty of time and patience on their side, so they can hit anyone with access to the internet through blog posts, website visits, or click-through ads. Many of these sites utilize services offered through Adobe and other "big name" companies, and so if there is already a vulnerability there, you are unwittingly subjecting yourself and anyone who visits your site to an attack. J. Sadowsky, from http://www.partyinnovations.com/, thought he was protected by using McAfee security solutions but only managed to become completely free of site attacks when he began our program, utilizing the malware detection coupled with our vulnerability scanning services.
Regina, from WPSecurityLock, makes every effort to ensure that blog writers using the WordPress platform have all of the information they require to keep their posts safe from attack. Regular readers of her site will also note that she even writes about any potential exploitation she comes across.
Do not assume that simply because you are small, you do not have power. Be it good or bad, you wield more power than you think.
Posted by Jason Remillard on Mon, May 10, 2010 @ 01:03 PM
As widely reported in the past few days, major hosting operations such as GoDaddy, Verisign, Bluehost and others are being subjected to coordinated attacks on WordPress and ZendCart installations.
At this point, while everyone sorts out the mess, it is unclear how all of them are being affected (opinion is split 50/50 on whether it is from the 'inside', that is, a major server vulnerability vs. a software vulnerability).
As with all WordPress installations, we recommend that end users and bloggers install our WP-Secure by SSM Wordpress Security Plugin, which is free to the open-source community.
This plugin does the basics of security that all WordPress users should be doing by default, but usually don't due to complexity or time constraints.
SiteSecurityMonitor.com provides affordable and reliable vulnerability and malware scanning services for WordPress blogs, and all sorts of ASP/SaaS based web site solutions. SSM also offers a free one-time trial scan to all of its customers.
Posted by Jason Remillard on Mon, Mar 15, 2010 @ 01:44 PM
Hey everyone...just wanted to say thanks to everyone who has tried the WP-Secure by SSM Wordpress Security Plugin... The press releases have been distributed as of this morning, and we're already starting to see bloggers pick up the idea and talk about it.

From our perspective, security is a multi-layered approach and part of it resides with the site owners. We felt that the current instructions for securing a WordPress Blog were confusing, too techie, and usually were too hard for anyone to specifically do, without a techie helping.
That's why we wrote the plugin. This baby does 23 security fixes for you, with mouse clicks. Simple, easy and quick to implement.
If you haven't tried it, go ahead and download it here! If you like it (or not), please update the wordpress page for the plugin.
We appreciate it!
-Team SSM
PS> Don't forget to join our Facebook Group....81 members as of this writing!
Posted by Jason Remillard on Tue, Jan 26, 2010 @ 12:05 PM
Malware… Yes, it’s been around for many years. However, the attack vector has changed. Long ago the primary distribution method was by sharing dirty data (yes, exchanging floppy disks… remember those days?!).
Then it moved on to distributing viruses and malware via email (these were the early days of Outlook Express!). Then came the solutions to block this (antivirus on your email, desktop solutions that block installs on your PC, etc.).
Now however, it is much more sophisticated. As unfortunately some of you have experienced, the hackers are now cracking PCs and websites to inject malware. Hence the term ‘drive-by malware’. By infecting your website the hackers are now able to enjoy a free distribution method for their wares – your website. Target any sized website, inject your bad code, and watch the infections grow by the minute!
Consider this scenario… we have a customer who came to us (name not mentioned of course) whose site had been injected with malware. The alerts went up in Google HQ. His site was dropped from search engine rankings immediately. So, boom – there goes all of his Google traffic (in this case, responsible for about 2,000 unique visitors a day).
Worse yet, now that Google was aware of his site’s problems, the browser vendors picked up on this and started warning ALL people visiting his site with this nice little alert:
Malware Reported Attack Site

So now, he has -0- traffic from Google. ALL of his users are now getting told this is ‘an attack’ site. All bookmarked entries, links from other sites, etc. ALL reflect that this site is now worse than the worst of the worst! You are evil! You are spreading the scourge of the earth! How could you!
Now, this guy is in a panic. He’d just started a major campaign (offline and online), and had paid for a lot of advertising that was non-refundable. He was losing 1000’s of dollars a day, and his business was evaporating before his eyes.
Personally, I don’t like to scare monger my customers into solutions. I think it is a disservice that many of our competitors do. However, I do like to highlight true to life stories, and their true impacts.
In this case, we were able to quickly shut down his site to stop the spread. Taking the site offline also minimized any infections he was spreading (because, in reality, he was). After stripping out the hacked code, we scanned all of his site (100’s of pages) and plugged up any holes the web vulnerability scanner found (there was more than one in his shopping cart and forum systems). Turns out, some of the lovely little hit counters and subscriber forms he had on his site were wide open as well.
Anyways, after the cleanup, and a few runs through our malware scanner to ensure we were clean, we stood the site back up and asked please, please, please! Google, please allow his site to be back in your good graces…
After about 36 hours, Google’s scanners had verified that he was now indeed clean, and reincluded him in the indexes. Luckily, since we caught it quick enough, this did not affect his PR rankings and his SEO work he’d invested so much into was saved.
Now, the browser alerts were another problem. Firefox released their warnings within a few hours of Google. Microsoft IE shortly thereafter. Safari and a few other smaller footprint browsers took a few days.
All in all, this attack cost him well over $10,000 in immediate losses due to his PPC campaign and offline media buy losses. Of course, now he had a perception problem with his customers (yes you are safe, no I’m not a hacker, etc.), and on top of that, one very long, long weekend on the phone with customers.
How to protect from these effects? Well, since nothing is 100%, regular scanning is your best defense, since you’ll know before the hackers do that there is a problem with your site. Even more important, since we now test each and every URL on your site with over 120,000 attack patterns (yes, that many!), you are getting great coverage and risk mitigation from the standpoint that you know more, on a daily basis, about what the outside knows about your site.
This, all told, allows him to sleep better at night.
Posted by Jason Remillard on Wed, Jan 20, 2010 @ 07:39 AM
Just about every single entity involved in a computer has updates. Whether it’s the newest software version of Firefox or the newest graphics driver for your computer. We all know this can get annoying… every few minutes another application is telling me I should update it and sometimes you can just forget to, or decide not to… but then there are often downsides of that.
WordPress recently announced that if you do not have the newest version (or second newest version) you could be vulnerable to the latest worm. This one actually has the ability to register a new user which hides itself and later edits permalinks in order to hide spam and malware inside your old posts.
So make sure that you have the latest version of WordPress. You can check by going to “Tools” and then “Upgrade”, and it will tell you whether it’s the latest or not. If you don’t have the latest version, update and check all of your old links immediately.
Updating can be a hassle and keeping up with all those applications can be an annoyance. At least you always know that you don’t have to worry about updating your security services here with us — here at SSM we are updating our scanners and pattern matchers every day to ensure that you have the best protection.
SOURCE: http://www.net-security.org/malware_news.php?id=1103