Hijacked WordPress, Joomla Websites Install Scareware: SANS ISC
According to a warning from the SANS Internet Storm Center, numerous WordPress and Joomla websites have been compromised by cyber-criminals and manipulated into serving scareware, i.e. phony anti-virus software, to visitors' computers, softpedia.com reported on December 12, 2012.
Commenting on the attack, ISC handler John Bambenek said the surprising aspect was that the campaign did not appear to be a scanner abusing one particular security flaw; rather, it was a tool that was primarily firing WordPress and Joomla exploits at an available server in the hope that something would succeed, threatpost.com reported on December 12, 2012.
The campaign has reportedly been investigated at Germany's CERT-Bund, where security researchers found iFrame injections inside the compromised websites that divert visitors to an attack toolkit through the Sutra Traffic Distribution System.
Moreover, security expert Thomas Hungenberg of CERT-Bund, who analyzed the campaign, said that the initial infections possibly happened because of a malicious automated script that abused known security flaws in Joomla's widely used Content Editor, h-online.com reported on December 12, 2012.
Apparently, the cyber-criminals are monetizing the compromises through so-called Traffic Redistribution Mechanisms, which trade web traffic in both directions, combined with fake AVs that push end-users to purchase "pro" versions, turning the compromised systems into money-generating devices. These strategies are not only functional but also popular business models in the illicit cyber-market.
» SPAMfighter News - 19-12-2012