Numerous WordPress-Powered Websites Hacked
According to a TG Daily report published on May 10, 2010, hackers have attacked numerous websites built with WordPress.
At first the attack seemed confined to sites hosted by DreamHost, the American ISP, but it was later found that blogs hosted at Bluehost, Media Temple and GoDaddy had also been compromised. According to the reports, many PHP-based management systems, such as the Zen Cart eCommerce solution, have also been attacked.
The hacked web pages appear to be infected with scripts that not only implant malware on a visitor's PC, but also prevent browsers such as Google Chrome and Firefox, which use Google's Safe Browsing API, from issuing a warning when users try to access the page.
When Google's search bot requests such a specially crafted page, the page responds by returning only safe code. This disguise tactic capitalizes on the browser switch that developers commonly use to return browser-specific code to accommodate functional differences between browsers such as Firefox and Internet Explorer.
It remains a mystery to security experts which flaw was abused for the large-scale assault. For now, the only thing that appears certain is that the problem was not in WordPress itself; otherwise there would have been a considerably higher number of infected pages.
Commenting on the issue, David Dede, researcher at Sucuri Security, said that they are in no way blaming WordPress, reported TG Daily on May 10, 2010. He added that there might be a vulnerability in a plugin, or someone might have stolen a number of passwords. Moreover, none of the hacked websites were on a private server; all were on shared hosts. So it looks like it's nothing specific to a hosting company, he concluded.
However, views differ on whether the security vulnerability affects only older versions of WordPress. While Todd Redfoot, Chief Information Security Officer, clearly advises customers to update to the latest version of WordPress, David Dede says that pages powered by the latest WordPress version have also been compromised, reported The H Open on May 10, 2010.
» SPAMfighter News - 20-05-2010