Snynet Solution Logo
MON - SUN: 10 AM - 6 PM
+60 11 5624 8319


Parrot TDS poses immediate risk to web developers worldwide

Image Description

Staying up to date with the ever-evolving security landscape is central to maintaining the security of webservers and keeping potential threats at bay. 

There are several key threats to webservers that are important to be aware of, to prevent and mitigate those risks. DoS and DDoS attacks, SQL injections, unpatched software and cross-site scripting, to name a few. 

Now, a recent discovery from threat researchers at Avast has shone a light on an immediate and significant risk to web developers worldwide, named Parrot TDS.

What is a TDS?

Traffic Direction Systems (TDS) are not new. They have been an enemy of web-developers for several years. Used as landing pages that direct unsuspecting users to malicious content, TDS serve as a gateway for delivering various malicious campaigns via infected sites.

Many TDS’ have reached a high level of sophistication and often allow attackers to set parameters which look at users’ geolocation, browser type, cookies, and which website they came from. 

This is used to target victims who meet certain conditions and then only display phishing pages to them. These parameters are usually set so that each user is only shown a phishing page once to prevent servers from overloading.

Parrot TDS

In February, Avast’s threat researchers discovered a swarm of attacks using a new Traffic Direction System (TDS) to take control of the victim’s devices. The new TDS, named Parrot TDS, emerged in recent months and has already reached hundreds of thousands of users worldwide, infecting various webservers hosting over 16,500 websites.

One of the main factors distinguishing Parrot TDS from other TDS is how widespread it is and how many potential victims it has. From March 1, 2022, to March 29, 2022, Avast protected more than 600,000 unique users from around the globe visiting sites infected with Parrot TDS, including over 11,000 users in the U.K. In this timeframe, Avast protected the most users in Brazil (73,000) and India (55,000); and more than 31,000 unique users from the US.

In this particular case, the infected sites’ appearances are altered by a campaign called FakeUpdate, which uses JavaScript to display fake notices for users to update their browsers, offering an update file for download. The file we have observed being delivered to victims is a remote access tool called NetSupport Manager which is misused by attackers to give them full access to victims’ computers.

Parrot TDS also creates a backdoor on the infected webservers in the form of a PHP script to act as a backup option for the attacker.


Like Parrot TDS, FakeUpdate also performs a preliminary scan to collect information about the site visitor before displaying the phishing message. The scan checks which antivirus product is on the device to determine whether or not to display the phishing message. 

The distributed tool is configured in such a way that the user has very little chance of noticing it and if the file displayed by FakeUpdate is run by the victim, the attackers gain full access to their computer. 

The researchers observed other phishing sites being hosted on the Parrot TDS infected sites, but cannot conclusively tie them to Parrot TDS. 

CMS sites

We believe attackers are exploiting webservers of poorly secured content management systems, like WordPress and Joomla sites, by logging into accounts with weak credentials to gain admin access to the servers.  

WordPress has a long history of being a very rich and desirable target for exploits. This is because the software is based on running a series of PHP scripts, which is a popular venue for hackers. The sheer number of components, including plug-ins, themes, and other scripts, makes it hard to prevent potential infections or compromises.

On top of this, many WordPress websites are running older versions that could be behind several major releases, which leads to security vulnerabilities being left unpatched. In addition, some administrators are inexperienced in IT operational security or simply overburdened with other responsibilities and can’t dedicate enough time to implementing the necessary security measures to ensure the safety of a WordPress site.

How developers can protect their servers

Nevertheless, there are steps web developers can take to protect their servers against these attacks, starting with simply scanning all files on the webserver with an antivirus program. Further steps developers can take are:

- Replace all JavaScript and PHP files on the webserver with original files
- Use the latest CMS version
- Use the latest versions of installed plugins
- Check for automatically running tasks on the webserver (for example, cron jobs)
- Check and set up secure credentials, and use unique credentials for every service
- Check administrator accounts on the server, making sure each of them belongs to developers and have strong passwords
- When applicable, set up 2FA for all the webserver admin accounts
- Use available security plugins (WordPress, Joomla)

How site visitors can avoid falling victim to phishing

For site visitors, it’s as crucial as ever to be vigilant online. If a site being visited appears different than expected, visitors should leave the site and not download any files or enter any information. 

Similarly, visitors should only download updates directly from browser settings and never via other channels.


27 Apr 2022



Other Blog

  • Square could buy Credit Karma's tax-preparation business

    Reports claim Square could be about to purchase Credit Karma's tax-preparation division.

    Read More
  • Tape storage is anything but dead, it's going from strength to strength

    Tape storage is far from obsolete as a new report from the LTO Program has revealed that a record 148 exabytes of tape was shipped last year.

    LTO Program Technology Provider Companies HPE and IBM have released their annual tape media shipment report which shows that LTO tape saw an impressive growth rate of 40 percent in 2021.

    Although only 105EB of total tape capacity was shipped during the pandemic in 2020 and 114EB (the previous record) was shipped in 2019, last year’s tape shipments broke a new record as organizations tried to cut cloud storage costs when archiving their unstructured data.

    GM and VP of HPE Storage, Patrick Osborne provided further insight on the report’s findings in a press release, saying:

    “Despite the significant business disruptions and uncertainty in 2021, LTO tape capacity shipments achieved the largest increase since 2006, surpassing the previous record set in 2019. We’re continuing to see organizations return to tape technology, seeking out storage solutions that offer high capacity, reliability, long term data archiving and stronger data protection measures, especially as threats to cybersecurity soar.”

    Cyberthreats continue to drive tape adoption

    When an organization has its systems infected with malware or its files are locked following a ransomware attack, this can do irreparable harm to its business. While there are proactive measures a company can take to defend against the latest cyberthreats, tape storage prevents sensitive files and documents from being online in the first place.

    According to the LTO Program, organizations are increasingly turning to LTO tape technology for increased data protection at a time when ransomware attacks are surging. This is because tape storage offers an inherent air-gap which denies cybercriminals the physical connectivity needed to access, encrypt or delete data.

    At the same time, ransomware trends are reinforcing the need for organizations to adopt the 3-2-1-1 backup rule where at least three copies of data are stored on two different storage mediums with one off-site and one offline.

    LTO-9 technology is also making it easier for businesses to store more data on a single tape as it features an increased tape cartridge storage capacity of up to 45TB when compressed. LTO-9 drives are even fully backward compatible with LTO-8 cartridges so that organizations can continue using their existing tape storage.

    The question now is whether increased adoption of tape storage will continue this year and will the amount of total tape capacity shipped in 2022 surpass last year’s shipments.

    Read More
  • Firefox is losing a key interface look with upcoming Proton redesign

    Fans of a minimalist look are going to be disappointed.

    Read More
  • The best Dell XPS 13 and 15 deals and prices for September 2021

    This week's best deals on Dell’s super-premium XPS 13 and XPS 15 laptops

    Read More

Find Out More About Us

Want to hire best people for your project? Look no further you came to the right place!

Contact Us