Critical.
Authoritative.
Strategic.
Subscribe to CIO Magazine »

30,000 WordPress blogs infected to distribute rogue antivirus software

Attackers will try anything to compromise blogs and use them for malicious purposes, researchers said

Almost 30,000 WordPress blogs have been infected in a new wave of attacks orchestrated by a cybercriminal gang whose primary goal is to distribute rogue antivirus software, researchers from security firm Websense said in a blog post on Monday.

The attacks have resulted in over 200,000 infected pages that redirect users to websites displaying fake antivirus scans. The latest compromises are part of a rogue antivirus distribution campaign that has been going on for months, the Websense researchers said.

Fake antivirus scan pages are nothing new. In fact, a couple of years ago this type of social engineering was one of the primary methods of distributing scareware to Internet users.

However, many cybercriminals gangs have since switched to drive-by download attacks that exploit vulnerabilities in outdated browser plug-ins to automatically download and install their rogue software.

The large number of infected Web pages seen in this campaign is an indication that these scams still work, said Elad Sharf, senior security researcher at Websense Labs. "Vulnerable websites are a rich source of opportunity for cybercriminals."

More than 85 percent of the compromised sites were located in the U.S., but their visitors were geographically dispersed. "The attack may be specific to the U.S. but everyone is at risk when visiting these compromised pages," Sharf said.

Many of the blogs compromised in these recent attacks were running outdated WordPress versions, had vulnerable plug-ins installed or had weak administrative passwords susceptible to brute force attacks, said David Dede, a security researcher with website integrity monitoring firm Sucuri Security. "It seems the attackers are trying everything lately."

Sucuri researchers have also been tracking this scareware distribution campaign and found that a rogue WordPress plug-in called ToolsPack has been installed on many of the compromised blogs. The plug-in masquerades as a collection of WordPress administration tools, but in reality it contains a backdoor that attackers use to maintain their unauthorized access to the affected sites, Dede said.

"My advice to webmasters is to always make sure their WordPress (and all plug-ins) are updated and that they use strong passwords," the Sucuri security researcher said. "That by itself will go a long way to protect their sites."

Related Articles

  1. CMO interview: Becoming a change agent

    CMO

Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

More about: Websense
References show all
Comments are now closed.
Related Whitepapers
Latest Stories
Community Comments
Latest Blog Posts
Whitepapers
  • Hybrid IT Service Management: A Requirement for Virtualisation and Cloud Computing
    When competition is tough and resources are limited, corporate leaders are depending on growing their existing capabilities in order to grow their business. Information technology can be a unique catalyst for business growth, delivering a competitive advantage when creatively applied to established and emerging problems. Read more on what trends are accelerating the value of IT.
    Learn more »
  • Customer Success - Slater & Gordon Lawyers
    Lawyers work hard, and they work fast. Any activity that takes their focus away from the task at hand represents lost productivity and lost revenue. Slater & Gordon Lawyers needed to filter spam and email-borne malware and provide high availability for email. Results from the business solution they chose include 250 hours of IT staff time reclaimed annually for other tasks, long delays in email delivery alleviated, reduced email-related storage costs, and email failover to the cloud in minutes, avoiding hours-long outages. Find out how they got these results.
    Learn more »
  • Mobility Apps: What every developer should know
    Learn how others have delivered industry-leading, multi-platform management and security solutions. In this whitepaper, we look how app developers can develop, deploy and manage apps that enterprises can rely on today and into the future. Click to download!
    Learn more »
All whitepapers
rhs_login_lockGet exclusive access to Invitation only events CIO, reports & analysis.
Recent comments