French gaming site serving ZeuS crimeware for over 8 weeks

French gaming site serving ZeuS crimeware for over 8 weeks

Summary: According to researchers from Avast, the high trafficked Assassinscreedfrance.fr web site, has been serving ZeuS crimeware variants to its visitors for over 8 weeks.

SHARE:
TOPICS: Browser
4

Cybercriminals are constantly scanning the Web for exploitable and misconfigured web applications, and blogging platforms such as Wordpress for instance.

Not surprisingly, hundreds of  thousands of legitimate web sites remain susceptible to remote exploitation, which on the majority of occasions are serving malicious content to unsuspecting end and corporate users.

According to researchers from Avast, the high trafficked Assassinscreedfrance.fr web site, has been serving ZeuS crimeware variants to its visitors for over 8 weeks. Moreover, the researchers point out that the web site is among the remaining 1,841 legitimate web sites serving the same crimeware variant.

The web site is currently returning a "Parse error: syntax error, unexpected T_CONSTANT_ENCAPSED_STRING in /homepages/23/d207590046/htdocs/wp-content/plugins/countdown-timer/fergcorp_countdownTimer.php on line 1050" error message.

How did the malicious attackers obtained access to the affected gaming web site? By exploiting the outdated Wordpress version running on this domain. Avast is also confirming that based on an analysis of 6000 affected .com web sites, a huge percentage of them are susceptible to exploitation through outdated and vulnerable Wordpress plugins.

Users are advised to keep an eye for newer version of the popular blogging platform, including the introduction of new versions of the Wordpress plugins currently in use by their web sites.

Topic: Browser

Dancho Danchev

About Dancho Danchev

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

4 comments
Log in or register to join the discussion
  • Shouldn't Wordpress be somewhere in the blog title?

    Compromised Wordpress sites were/are also an important contributing factor to the OS X Flashback trojan infecting so many macs.

    Not only do PC operating systems, applications and plug-ins need to be kept up-to-date, but website software as well.
    Rabid Howler Monkey
    • I agree. Assassinscreedfrance.fr

      is a Linux based server. Obviously it was not kept up to date, and ultimately compromised.

      :|
      Tim Cook
  • freelance

    a friend's mother makes $77 every hour on the laptop. She has been without work for 9 months but last month her income was $17191 just working on the laptop for a few hours. Go to this web site and read more makecash16.com
    martin711
  • Good news: this website (http://lnk.co/ILTHN ) we has been updated and add

    Good news: this website (http://lnk.co/ILTHN ) we has been updated and add products and many things they
    abandoned their increases are welcome to visit our website. Accept cash or
    credit card payments, free transport. You can try oh, will make you satisfied.

    http://lnk.co/ILTHN

    http://lnk.co/ILTHN

    http://lnk.co/ILTHN


    sgerger
    xhopdsvg