The strange case of malicious Favicons

A-18682 case: « Horatio, we have no idea why this site is being hacked continuously. We don’t see any backdoor and all seems to be OK. Would you mind to give it an eye to see if there is something that is being overlooked by our scans? ». During my last years in Sucuri, in the first line of battle as incident response and security analyst, I have seen a lot of curious cases, some of them funny, some of them scary. And I also learned where to look to find hidden stuff. This case will show the whole process to discover how a favicon could turn your site into a zombie node.

Orateur·rice

Catégories