Ultimate Website Security Tools

Scan your website for Malware
top52020

Dear friends, 2020 is already in the past. And despite all the troubles of that year, the web-attackers continued to work. Each day. They hack sites using vulnerabilities, placed backdoors there. And that makes your site shows illegitimate ads or redirect visitors to malicious resources, and much more.

So here is the list of top-5 common threats Virusdie BASE team faced with in 2020.

1. JS.Inject.MalwareDomains

JS.Inject.MalwareDomains

These JavaScript injections have massively attacked various sites and have been inserted into many scripts and databases. The attackers used different domains, but the essence is the same for all: the script redirects users to scam resources.

2. Trojan.Inject.78

Trojan.Inject.78

This backdoor was the most common. The code is specially obfuscated by attackers so that an ordinary user doesn’t understand the essence of the code.

3. HexInclude.2

HexInclude.2

Inserting PHP code: using the include and require functions, files containing the main malicious code are included. In this case, the path to the file is presented in a poorly readable form, because some of the characters are represented in hexadecimal system.

4. Trojan.MisterSpy

Trojan.MisterSpy

An old, but not forgotten by attackers web-shell – MisterSpy. It is a multifunctional tool that allows an attacker to comfortably manage files on a victim’s website.

5. JS.Inject.96

JS.Inject.96

Another JavaScript insert that infects many files on the site, after which additional code appears on all pages that redirects visitors to fraudulent sites. Unlike the JS.Inject.MalwareDomains threat, the code here is not written explicitly, but using functions such as String.fromCharCode.

In conclusion, we note that the majority of malicious files are uploaded by attackers to the site via vulnerable components. Therefore we recommend to promptly update the CMS and its extensions, it reduces the probability of site infection. And that is cool, that Virusdie informs you automatically about weakspots as well, cos there is a vulnerability patch manager under the hood – not only website antivirus 🙂

This rating prepared by Daria Golikova, a head of Virusdie.BASE.

Join our private Facebook group to get help from other security experts, and share your own web security experiences and expertise. Group members receive exclusive news and offers. They can also communicate directly with the Virusdie team. Join us on Facebook.

Comments