Websites Using Joomla Threatened to be Hijacked
Websites running the well-known content management system (CMS) Joomla are in danger of being compromised for use in malicious software ('malware') payload and phishing campaigns, following the discovery of a new vulnerability and an associated zero-day attack, as infosecurity-magazine.com reported on August 13, 2013.
Researchers at the Versafe Security Operations Center investigated the exposed sites and found that the exploit lets attackers gain full control of the hijacked machines with a variant of the infamous Zbot Trojan.
Although the researchers at the Versafe Security Operations Center had observed an increase since 2009 in phishing and malware campaigns against its subscribers hosted from genuine Joomla-based sites, the rise in the first six months of 2013 strongly suggested that attackers were exploiting a particular vulnerability in the Joomla platform.
Csoonline.com published a report on 12th August, 2013 quoting Eyal Gruner, CEO of Versafe, as saying that more than 50% of attacks targeting their customers in the Europe, Middle East and Africa (EMEA) region leveraged the recently patched flaw and succeeded in infecting many unsuspecting visitors to legitimate websites.
Alarmingly, Joomla seems to be a favorite of cyber crooks. Arbor Networks and other security firms have recently been tracking a botnet called Fort Disco. The campaign is launched client-side, targeting Joomla and WordPress installations that are protected by weak passwords, and investigation has uncovered a hit-list of more than 400,000 domains.
Though the campaign discovered by Versafe is different, it serves as an example of criminals targeting vulnerable platforms to leverage the legitimacy of a given domain.
Prolexic released a report in July 2013 analyzing DDoS trends during Q2 of 2013, stating that the growth in size, longevity and strength of DDoS attacks in the second quarter is due to the increasing prevalence of compromised Joomla sites.
Joomla released the patch on 31st July 2013; it applies to users of Joomla 2.5.13 and prior 2.5.x versions, as well as Joomla 3.1.4 and previous 3.x versions. Applied in Joomla versions 2.5.14 and 3.1.5, the fix corrects a bug that permits unprivileged users to upload arbitrary .PHP files, security researchers conclude.
» SPAMfighter News - 23-08-2013