Sunday, 23 August 2015

Thousands Of Hacked WordPress Sites Spread Ransomware


In recent weeks, attackers have hacked more than 2600 unique WordPress sites and planted malicious code on them that attempts to infect visitors with ransomware. The hacked WordPress sites are all running version 4.2 of the software or older, says security firm Zscaler.

The attack on the WordPress sites consists of several steps. First, the site is fully taken over: the attackers add a webshell and steal the administrator's credentials. An iframe is then added to the website, which causes visitors to the WordPress site to load, unnoticed, a page hosting the Neutrino exploit kit. The iframe code is shown only to users of Internet Explorer. A cookie prevents victims from being served the iframe code more than once.
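Because the iframe is served only to Internet Explorer and only once per cookie, a site owner checking for it has to compare responses fetched with different User-Agent headers, each from a fresh session without cookies. The following is an added example of that comparison, not code from Zscaler's analysis; the host names and HTML samples are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse


class IframeCollector(HTMLParser):
    """Collect the src attribute of every <iframe> in a page."""

    def __init__(self):
        super().__init__()
        self.sources = set()

    def handle_starttag(self, tag, attrs):
        if tag == "iframe":
            src = dict(attrs).get("src")
            if src:
                self.sources.add(src)


def iframe_sources(html):
    collector = IframeCollector()
    collector.feed(html)
    return collector.sources


def cloaked_iframes(html_ie, html_other, site_host):
    """Off-site iframe URLs present in the IE response but not in the other one."""
    only_ie = iframe_sources(html_ie) - iframe_sources(html_other)
    return sorted(src for src in only_ie
                  if urlparse(src).hostname not in (None, site_host))


# Constructed responses for one URL on blog.example.invalid.
BASE = '<h1>Blog</h1><iframe src="/widgets/feed.html"></iframe>'
PAGE_OTHER = BASE                       # non-IE User-Agent, no cookies
PAGE_IE = BASE + ('<iframe src="http://landing.example.invalid/x" '
                  'width="1" height="1"></iframe>')  # IE User-Agent, no cookies
PAGE_IE_REPEAT = BASE                   # IE User-Agent, cookie from first visit sent

if __name__ == "__main__":
    host = "blog.example.invalid"
    print("fresh session: ", cloaked_iframes(PAGE_IE, PAGE_OTHER, host))
    # Reusing the cookie jar hides the injection, so the check reports nothing.
    print("reused cookies:", cloaked_iframes(PAGE_IE_REPEAT, PAGE_OTHER, host))
```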

To infect users, the Neutrino exploit kit uses a malicious Flash file. If Flash Player is not installed on the computer, the user is offered an old Flash installation file, and the malicious file is then loaded. Zscaler's analysis of the attack does not say exactly how the installation file gets installed.

If the attack is successful, the CryptoWall ransomware is installed on the computer. This ransomware encrypts files on the computer and demands a certain amount from users to decrypt them. According to analyst John Mancuso, WordPress remains an attractive target for cyber criminals. WordPress is a very popular free content management system used by more than 60 million websites, including about 23% of the top 10 million websites on the internet.
