Compromised WordPress sites serving client-side exploits and malware

Summary: Security researchers from TrendMicro are reporting on mass compromise of WordPress sites, currently serving client-side exploits and malware to users.

Security researchers from TrendMicro are reporting on mass compromise of WordPress sites, currently serving client-side exploits and malware to users who click on malicious links in the spamvertised emails connected with the campaign.

According to TrendMicro, cybercriminals are impersonating the Better Business Bureau and LinkedIn in their spamvertised emails, enticing end and corporate users into clicking on the malicious links found in the emails.

Upon clicking on the links, users are exposed to the Blackhole web malware exploitation kit, currently serving exploits for CVE-2010-0188 and CVE-2010-1885 and ultimately dropping a CRIDEX malware variant.

Cybercriminals regularly take advantage of compromised legitimate infrastructure, using it as the distribution and infection vector for their malicious campaigns, so that web filters see only the legitimate infrastructure on which the distribution and infection vectors are hosted and classify it accordingly.

End and corporate users are advised to ensure that they're not running outdated versions of third-party software and browser plugins, as well as to avoid interacting with these emails.
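As an added defender-side example (not code from the post or from Trend Micro), the following heuristic scanner walks a WordPress document root and flags the hidden iframes and obfuscated code injections through which compromised installs are typically made to serve an exploit kit; the patterns and the constructed sample snippets are assumptions made here, not indicators from the campaign.

```python
"""Heuristic scan of a WordPress install for injected client-side redirectors.

Added example, not from the ZDNet post or Trend Micro. Assumes the
compromise shows up as hidden iframes or obfuscated script/PHP in
web-facing files, which is how such injections commonly appear.
"""
import os
import re

# Heuristic patterns (chosen here): hidden iframes and common obfuscation wrappers.
PATTERNS = {
    "hidden_iframe": re.compile(
        r"<iframe[^>]*(?:width=[\"']?0|height=[\"']?0|display\s*:\s*none|"
        r"visibility\s*:\s*hidden)", re.I),
    "php_eval_b64": re.compile(
        r"eval\s*\(\s*(?:gzinflate|base64_decode|str_rot13)\s*\(", re.I),
    "js_write_unescape": re.compile(r"document\.write\s*\(\s*unescape\s*\(", re.I),
    "long_hex_escape": re.compile(r"(?:\\x[0-9a-f]{2}){20,}", re.I),
}
SCAN_EXT = {".php", ".html", ".htm", ".js"}


def scan_text(text, path="<inline>"):
    """Return (path, line_no, rule) for every line matching a heuristic."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        for rule, rx in PATTERNS.items():
            if rx.search(line):
                findings.append((path, no, rule))
    return findings


def scan_tree(root):
    """Scan every web-facing file under root (a WordPress document root)."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() in SCAN_EXT:
                path = os.path.join(dirpath, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    findings.extend(scan_text(fh.read(), path))
    return findings


if __name__ == "__main__":
    import sys
    for hit in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print("%s:%d %s" % hit)
```

Findings are leads for manual review against a clean copy of the theme or core release, not proof of compromise; a legitimately embedded video iframe with a non-zero size does not trigger the iframe rule.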

Dancho Danchev

About Dancho Danchev

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response.

Talkback

3 comments
  • I don't fear

    I'm not afraid, I got Norton. Bwahahaha
    neeeko
  • Updating not always possible

    For a large number of people updating WordPress is risky or other issues prevent them doing so: quite possibly the majority of WP blogs out there are out of date.

    WP is excellent software, but although personally I have always updated the next day, with 3.3 I refused, as with other people, due to the loathsome mandatory Toolbar and the now-collapsed sidebar in the Admin. Realistically, this means transferring to another CMS in the longer term; yet in the meantime I would be running an outdated version.

    However, as this gentleman points out, this isn't the end of the world, nor necessarily dangerous even:

    http://kevinjohngallagher.com/2011/09/omg-wtf-y-u-no-upgrade-kktnx/

    Far more important is instituting a vigorous anti-spammer regime, and hardening the site on the server itself. It is annoying we still have to take active measures against these rascals, but perhaps in ten years they will be a thing of the past with increases in technological advancement. Yet now, only vigilance, passive or active, can protect a site.
    Claverhouse
  • Easily fixed

    I had a couple of sites compromised. Unlike Claverhouse (who doesn't like the toolbar - easily turned off; or the fly-out menus - a great improvement in navigation), it is best to ALWAYS get the latest release of WordPress. It is always improving - faster, more friendly, more shortcuts.

    In my case, Google and my host both informed me of the issue. I was able to harden the sites (article directories) using a couple great plugins.
    wwday3