malware-detection

Detecting malware-added advertisements on my site

﹥>﹥吖頭↗ 提交于 2020-01-04 01:57:09
问题 I recently made a kind of "Public Service Announcement" on my website telling people that there is only one advertisement on the site and it is neatly placed into the site's design. I did this because someone reported the site as "not working", and when asked for a screenshot of the problem, provided me with this: ad-riddled screenshot http://ezimba.com/work/140308C/ezimba19743774066600.png Further investigation revealed the problem to be a malicious extension called "HD Streamer". In general

“Deceptive site ahead” on google chrome and malicious code can not be isolated

浪尽此生 提交于 2019-12-25 07:34:29
问题 I am receiving notification in Google Chrome Deceptive site ahead Attackers on {mysite-here}... may trick you into doing something dangerous like installing software or revealing your personal information (for example, passwords, phone numbers or credit cards). Google webmasters tools provide information: Harmful content Request in process Google has detected harmful content on some of your site’s pages. We recommend that you remove it as soon as possible. Until then, browsers such as Google

Signature scanning

人盡茶涼 提交于 2019-12-22 10:56:15
问题 many antivirus programs using signature-based malware detection. Here is creating signatures for ClamAV. I can understand how they create signatures considering that the whole file is a malware, but I couldn't understand how to find malware when it is in the body of the file - the hash would be another. Anybody knows? 回答1: My answer is not specific to ClamAV; instead I've answered in a general sense. Maybe this is helpful for you. First of all a virus signature is not necessarily a hash value

Extract API calls from an APK

时光怂恿深爱的人放手 提交于 2019-12-13 10:21:55
问题 How could i extract API calls/System calls sequence from APK? I have decompiled source code from APK now i want to know if there is a tool that can extract all system calls made by that app from source code. 回答1: You should use CuckooDroid for analyze APK files. I installed it and I use. So I can get all services, activities etc. You can look there enter link description here or enter link description here They provide to get all functions about APK. 来源: https://stackoverflow.com/questions

What is this file in .htaccess?

江枫思渺然 提交于 2019-12-12 16:26:39
问题 I am realy wonder why in .htaccess has those code bellow, can tell me what is this code? <Files 403.shtml> order allow, deny allow from all </Files> deny from 212.92.53.18 回答1: UPDATE : This answer was based on speculation using the facts provided when it was originally posted. The overall consensus seems to be this modification of the .htaccess file is most likely the result of using server management software such as CPanel so it’s not—on its own—an indication of malware infection. The

iFrame Injection Attack Followed us to New Server

懵懂的女人 提交于 2019-12-09 06:56:38
问题 A few months ago, a hidden iFrame started showing up on every page on every site on our dedicated server. When we took the sites down for maintenance with a 503, the iFrame was still there on the down for maintenance page. Eventually, the host blocked the source of the iFrame, but we never found the backdoor. The injected iFrame looked something like this, but wrapped in a style tag to obfuscate and with various URLs: iframe src="http://heusnsy.nl/32283947.html.. We moved our smaller sites to

Signature scanning

坚强是说给别人听的谎言 提交于 2019-12-05 21:33:30
many antivirus programs using signature-based malware detection. Here is creating signatures for ClamAV . I can understand how they create signatures considering that the whole file is a malware, but I couldn't understand how to find malware when it is in the body of the file - the hash would be another. Anybody knows? Grijesh Chauhan My answer is not specific to ClamAV; instead I've answered in a general sense. Maybe this is helpful for you. First of all a virus signature is not necessarily a hash value of a file. A signature is usually a string of bits found in a file, although a hash value