Popular Posts
-
Elegant Themes has been developing WordPress themes for a long time. It has developed lots of popular themes including Divi, Nexus, Fa...
-
Flickr/Laura D'Alessandro See Also I took Harvard Business School's new pre-MBA course online — and it is definitely w...
-
Hello there! My blog post 'Spikes' was published on Sept. 22nd; however, the post before it called 'Flow' was published on...
-
I seem to receive about three emails a day asking me for advice on how to become a blogger. I try to respond to every email, how...
-
KOZHIKODE: E A Jabbar, a retired teacher and an activist of Malappuram based Yukthi vadi Sangham, has filed a complaint before chief minis...
-
Hi there! There isn't a true e-commerce solution here at WordPress.com. You can, however get a PayPal button. If you get a PayPal bu...
-
OWASP, or Open Web Application Security Project is a non-profit dedicated to spreading information on application security. Their goal is ...
-
Do you love WordPress? Yes, most bloggers and developers love it. This is may be the easiest platform to work. However; There are a...
-
re: iamcharlieg.com There are no monthly payment plans. We are billed annually and have to pay in full at the time of upgrading. re: p...
-
To click or not to click, that is the question. It is both interesting and frightening how such a simple decision can, in a high enoug...
Active malware campaign uses thousands of WordPress sites to infect visitors
This is what happens at the network level when a browser visits an infected site. Malwarebytes Attackers have hijacked thousands of websites running the WordPress content management system and are using them to infect unsuspecting visitors with potent malware exploits, researchers said Thursday.
The campaign began 15 days ago, but over the past 48 hours the number of compromised sites has spiked, from about 1,000 per day on Tuesday to close to 6,000 on Thursday, Daniel Cid, CTO of security firm Sucuri, said in a blog post. The hijacked sites are being used to redirect visitors to a server hosting attack code made available through the Nuclear exploit kit, which is sold on the black market. The server tries a variety of different exploits depending on the operating system and available apps used by the visitor.
"If you think about it, the compromised websites are just means for the criminals to get access to as many endpoint desktops as they can," Cid wrote. "What's the easiest way to reach out to endpoints? Websites, of course."
On Thursday, Sucuri detected thousands of compromised sites, 95 percent of which are running on WordPress. Company researchers have not yet determined how the sites are being hacked, but they suspect it involves vulnerabilities in WordPress plugins. Already, 17 percent of the hacked sites have been blacklisted by a Google service that warns users before they visit booby-trapped properties. Interestingly, Cid added, the attackers have managed to compromise security provider Coverity and are using it as part of the malicious redirection mechanism. The image above shows the sequence of events as viewed from the network level using a debugging tool.
Sucuri has dubbed the campaign "VisitorTracker," because one of the function names used in a malicious javascript file is visitorTracker_isMob(). Cid didn't identify any of the compromised sites. Administrators can use this Sucuri scanning tool to check if their site is affected by this ongoing campaign.
Source: Active malware campaign uses thousands of WordPress sites to infect visitors
0 comments:
Post a Comment