As reported in Ars Technica, a new malware campaign is attacking WordPress blogs.
The campaign began 15 days ago, but over the past 48 hours the number of compromised sites has spiked, from about 1,000 per day on Tuesday to close to 6,000 on Thursday, Daniel Cid, CTO of security firm Sucuri, said in a blog post. The hijacked sites are being used to redirect visitors to a server hosting attack code made available through the Nuclear exploit kit, which is sold on the black market. The server tries a variety of different exploits depending on the operating system and available apps used by the visitor.
“If you think about it, the compromised websites are just means for the criminals to get access to as many endpoint desktops as they can,” Cid wrote. “What’s the easiest way to reach out to endpoints? Websites, of course.”
If you have a WordPress site then you can check it here.
The people who do these kinds of things are the lowest form of scum.
2 comments:
Makes me glad I updated my Jeep club's Wordpress installation a couple of months ago and turned on the (new) auto update function. Just goes to show you can't just install software and let it be anymore, you have to keep patching it with updates or you're going to be owned :(.
Hey Thanks for sharing this blog its very helpful to implement in our work
Regards
hiring hacker
Post a Comment