Bad news for those using Wordpress for their corporate or personal websites. According to security firm Sucuri, a not-so-insignificant number of Wordpress installations have been compromised by a new "visitorTracker_isMob" piece of malware over the past two weeks. Visitors who attempt to go to these sites are redirected to a new page that probes their system for all kinds of weaknesses. If one is found, said system is compromised, and it only gets worse from there.
"This malware campaign is interesting, its final goal is to use as many compromised websites as possible to redirect all their visitors to a Nuclear Exploit Kit landing page. These landing pages will try a wide variety of available browser exploits to infect the computers of unsuspecting visitors," reads Sucuri's blog post.
"If you think about it, the compromised websites are just means for the criminals to get access to as many endpoint desktops as they can. What's the easiest way to reach out to endpoints? Websites, of course."
The best things you can do to protect yourself against this kind of an attack is to make sure that your system is as updated as possible. That includes installing all the most recent operating system updates that Microsoft or Apple offers, as well as all the updates to other critical software related to your Web browsing—like Java (which you should just disable outright) and Adobe Flash (which you shouldn't use anyway). Make sure you're running antivirus and anti-malware apps on a regular basis, too.
As for Wordpress administrators, Sucuri has a few suggestions for protecting your own sites against the VisitorTracker malware.
"If you are a WordPress user, make sure you keep all your plugins updated, including premium ones. I also recommend checking your site via our Free Security / Malware Scanner (SiteCheck) to verify if you're currently being affected by this campaign. If you're a system administrator and have access to your server you can use the following command (grep) to search for the infection on your files," reads the company's blog post.
According to Sucuri, around 95 percent of the compromised websites it has detected are all running WordPress. Of these, around 17 percent or so have already been put on Google's blacklists (and other malware blacklists).
David Murphy got his first real taste of technology journalism when he arrived at PC Magazine as an intern in 2005. A three-month stint turned to six months, six months turned to occasional freelance assignments, and he has since rejoined his tech-loving, mostly New York-based friends as one of PCMag.com's news contributors. His rise to (self-described) fame in the world of tech journalism began during his stint an associate editor at Maximum PC, where his love of cardboard-based PC construction and meetings put him in charge... More »
Login or RegisterPlease enable JavaScript to view the comments powered by Disqus.
blog comments powered by Disqus State CountryAutomatic Renewal Program: Your subscription will continue without interruption for as long as you wish, unless you instruct us otherwise. Your subscription will automatically renew at the end of the term unless you authorize cancellation. Each year, you'll receive a notice and you authorize that your credit/debit card will be charged the annual subscription rate(s). You may cancel at any time during your subscription and receive a full refund on all unsent issues. If your credit/debit card or other billing method can not be charged, we will bill you directly instead. Contact Customer Service
Source: VisitorTracker Malware Affects Thousands of Wordpress Sites
No comments:
Post a Comment