Cyber-criminals Abusing WordPress’ Popular Extension

CEO Mark Maunder of Feedjit based in Seattle cautions that cyber-criminals are abusing publishing platform WordPress' popular extension for compromising websites struck with security flaws. Theregister.co.uk reported this on August 2, 2011.

Maunder said that the security flaw impacted practically every website which was loaded with TimThumb a feature for resizing images as it moved along with WordPress.

Apparently there's little security of the extension since with it attackers can easily run malware on Internet sites, which utilize it. Maunder added that a minimum of 2 websites had by now been hijacked.

Further according to him, he came to know of the security flaw when there were unexpected and mysterious uploading of ads on his markmaunder.com site despite no configuration on the blog for doing so.

He therefore launched a detailed probe only to find that a cyber miscreant had utilized TimThumb for uploading a PHP folder onto a directory of his blog that was then run. According to Maunder, TimThumb by default lets remote uploading and resizing of files via wordpress.com, blogger.com along with 5 more websites while it does not scrutinize URLs for malware thereby facilitating in uploading malevolent contents.

Amazingly, Ben Gillbanks the developer of TimThumb found his own website intruded via exactly the identical process that Maunder highlighted.

Indeed, responding to what Maunder discovered, Gillbanks remarked that he couldn't be more regretful for the omission within the code as also he hoped that no one had anything utterly unpleasant occurring with their websites on account of his error. Pcworld.com published this on August 2, 2011.

Gillbanks suggested that as of now the most appropriate solution was to just install the most recent edition of TimThumb. He declared that plentiful tweaks had accumulated which could make it more difficult to exploit the script.

Meanwhile, Gillbanks said that people who wished for being wholly certain that attackers wouldn't abuse the script could tentatively eliminate the file with the help of timthumb.php, while ensuring that the elimination made no impact on the subject. Besides, there were plentiful subjects wherein the script's moniker had undergone alteration, therefore that too should be searched, Gillbanks concluded.

Related article: Cyber Child abuser Sentenced To Imprisonment

» SPAMfighter News - 8/15/2011