
Netcraft Reveals: Hijacked WordPress Blogs Hosted 12% of Phishing Websites in February 2014

News.netcraft.com published a report on 24th March, 2014 quoting Netcraft, an Internet security research and services company, as saying "Compromised WordPress blogs, a large renowned blog-hosting service, were used to host around 12,000 phishing sites in February 2014 and 7% of phishing attacks were blocked during that month."

According to Netcraft, during February 2014, a quarter of the phishing sites hosted on hacked WordPress blogs targeted PayPal users, followed by 17% targeting customers of Apple.

Besides phishing, compromised blogs are also used for hosting malware: more than 8% of the links Netcraft blocked for malware during February 2014 were on WordPress blogs, which represents 19% of the IP addresses used.

Netcraft's latest survey revealed nearly 27 million websites running WordPress, spread across 1.4 million different IP addresses and 12 million distinct domain names. Many of these blogs are vulnerable to brute-force password-guessing attacks by virtue of the predictable location of the administrative interface and the widespread use of the default "admin" username.

Interestingly, WordPress has been plagued over its lifetime by security issues in its core code as well as in the numerous third-party plugins and themes available for it. One of the most widespread vulnerabilities, discovered during this decade, was in the TimThumb plugin, which was bundled with many WordPress themes and was accordingly present on a large number of WordPress blogs.

A small validation flaw made it possible for remote attackers to make the plugin download remote files and store them on the website, which allowed attackers to install PHP scripts on vulnerable blogs, facilitating the installation of malware and phishing kits. Netcraft says that similar vulnerabilities are still being exploited today.

Netcraft relates the latest story of a botnet of more than 162,000 WordPress blogs which was used in a DDoS (distributed denial of service) attack against a website.

It is recommended to keep WordPress, along with other content management systems, appropriately updated. According to a recent study by Netcraft, web servers are a popular target for thieves, who are always looking for new hosting options for malware and phishing sites.

» SPAMfighter News - 3/31/2014
