Black Hole Invades Numerous WordPress Sites
Cybercriminals have hacked WordPress sites to redirect users to a Black Hole exploit kit that distributes malware, anti-virus firm Avast said.
According to a victim, a flaw in the image-resizing tool TimThumb enabled attackers to take control of WordPress websites. The anti-virus firm, for its part, blocked redirection attempts from 3,500 and 2,515 websites in August and October 2011, respectively.
Jan Sirmer, senior researcher at Avast, said similar results are expected for November. The attackers might have hacked a few sites by taking advantage of weak passwords, The Register reported on November 2, 2011.
Another expert had identified about 4,400 WordPress sites that were compromised in an attack that poisoned Google Image results with sites that tried to trick users into installing a fake antivirus program.
The infected WordPress sites had affected around 151,000 users with the malicious redirects. Although the antivirus firm could not reveal details about the TimThumb flaw the attackers were using, it was learnt that the Black Hole exploit kit redirected users to an external website hosting malware.
The original version of the kit, likely developed by Russians, has been available for about $1,500 on the underground market, while a scaled-down edition can be obtained at no cost. Removing the malicious code from an infected site is quite difficult. Russian researcher Denis Sinegubko, who discovered the WordPress attack used to poison Google Image results, has advised administrators of infected sites to check for rules in the .htaccess files in the site root and beyond the root directory.
The vulnerability in the TimThumb resizer was noted in August 2011. The utility, which fetches images from Flickr and Photobucket, only partially checks hostnames. Because of this vulnerability, cybercriminals could upload and execute arbitrary PHP code in the cache directory.
» SPAMfighter News - 14-11-2011