Netcraft Reveals: Hijacked WordPress Blogs Hosted 12% of Phishing Websites in February 2014
On 24 March 2014, Netcraft, an Internet security research and services company, published a report on news.netcraft.com stating that compromised WordPress blogs were used to host around 12,000 phishing sites in February 2014, which represented 7% of the phishing attacks Netcraft blocked during that month.
According to Netcraft, a quarter of the phishing sites hosted on hacked WordPress blogs during February 2014 targeted PayPal users, followed by 17% targeting Apple customers.
Compromised blogs are also used to host malware: more than 8% of the links Netcraft blocked for malware during February 2014 were on WordPress blogs, representing 19% of the IP addresses involved.
Netcraft's latest survey found nearly 27 million websites running WordPress, spread across 1.4 million different IP addresses and 12 million distinct domain names. Many of these blogs are vulnerable to brute-force password guessing because the administrative login page sits at a predictable location (wp-login.php) and the default "admin" username is widely used.
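The predictable login location is what makes this guessing easy to spot from the server side: every attempt is a POST to the same path. The following detection script is an added example written for this page, not Netcraft's tooling or WordPress code. It parses web-server access logs in the Apache "combined" format, counts POSTs to wp-login.php per client address inside a sliding time window, and flags the busy ones. The sample log lines are constructed (documentation address ranges), the threshold and window are assumed values, and the status-code heuristic relies on WordPress re-rendering the login form with HTTP 200 on failure and redirecting (302) on success.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Apache/nginx "combined" format: client ident user [time] "METHOD PATH PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

# Constructed sample traffic (not real logs): one client hammering wp-login.php,
# one client logging in normally. 203.0.113.0/24 and 198.51.100.0/24 are
# reserved documentation ranges.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Feb/2014:03:14:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3985 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Feb/2014:03:14:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3985 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Feb/2014:03:14:05 +0000] "POST /wp-login.php HTTP/1.1" 200 3985 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Feb/2014:03:14:07 +0000] "POST /wp-login.php HTTP/1.1" 200 3985 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Feb/2014:03:14:09 +0000] "POST /wp-login.php HTTP/1.1" 200 3985 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Feb/2014:03:14:11 +0000] "POST /wp-login.php HTTP/1.1" 200 3985 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Feb/2014:03:14:13 +0000] "POST /wp-login.php HTTP/1.1" 200 3985 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Feb/2014:03:14:15 +0000] "POST /wp-login.php HTTP/1.1" 200 3985 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Feb/2014:03:14:17 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Feb/2014:03:20:10 +0000] "GET /wp-login.php HTTP/1.1" 200 2011 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Feb/2014:03:20:31 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Feb/2014:03:20:32 +0000] "GET /wp-admin/ HTTP/1.1" 200 14022 "-" "Mozilla/5.0"
"""


def parse_login_posts(log_text):
    """Yield (ip, timestamp, status) for every POST to /wp-login.php."""
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        if m["path"].split("?")[0] != "/wp-login.php":
            continue
        yield m["ip"], datetime.strptime(m["ts"], TS_FMT), int(m["status"])


def find_bruteforcers(log_text, threshold=5, window=timedelta(minutes=1)):
    """Return {ip: details} for clients with more than `threshold` login POSTs
    inside any `window`-long span (threshold and window are assumed values).

    A failed WordPress login re-renders the form (200); a successful one
    redirects to wp-admin (302), so a 302 after a burst of 200s deserves a
    closer look: the guess may have landed.
    """
    events = defaultdict(list)
    for ip, ts, status in parse_login_posts(log_text):
        events[ip].append((ts, status))

    flagged = {}
    for ip, evs in events.items():
        evs.sort()
        times = [t for t, _ in evs]
        peak, start = 0, 0
        for end in range(len(times)):          # sliding window over sorted times
            while times[end] - times[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak > threshold:
            flagged[ip] = {
                "posts_in_window": peak,
                "failed": sum(1 for _, s in evs if s == 200),
                "possible_success": any(s == 302 for _, s in evs),
            }
    return flagged


if __name__ == "__main__":
    for ip, info in find_bruteforcers(SAMPLE_LOG).items():
        print(ip, info)
```

On the constructed log this flags only 203.0.113.7 (nine POSTs in 16 seconds, eight failures followed by a redirect), while the normal login from 198.51.100.4 stays below the threshold. The same logic, pointed at a live log, gives a block list for a firewall or a fail2ban-style jail; the real mitigation is still a unique administrator username, a strong password and rate limiting in front of wp-login.php.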
WordPress has, over its lifetime, been plagued by security issues both in its core code and in the many third-party plugins and themes available for it. One of the most widespread vulnerabilities was discovered in 2011 in TimThumb, an image-resizing script bundled with many WordPress themes and therefore present on a large number of WordPress blogs.
A small validation flaw allowed remote attackers to make the script download attacker-controlled files and store them on the website, which let them place PHP scripts on vulnerable blogs and, from there, install malware and phishing kits. Netcraft says that similar vulnerabilities are still being exploited today.
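The TimThumb flaw was, as widely documented at the time, an allowlist of trusted image hosts that was matched as a substring of the requested URL, so an attacker's own domain merely had to contain an allowed name. The example below is an added illustration written for this page in Python, not TimThumb's PHP code; the allowlist and the probe URLs are constructed for the example. It places the substring check beside a check that parses the URL and compares the real host component.

```python
from urllib.parse import urlsplit

# Assumed allowlist of remote image hosts for this example.
ALLOWED_HOSTS = {"blogger.com", "flickr.com", "wordpress.com"}


def is_allowed_substring(url):
    """Vulnerable check: an allowed host name appearing *anywhere* in the URL
    passes, so any attacker URL can be made to contain one."""
    url = url.lower()
    return any(host in url for host in ALLOWED_HOSTS)


def is_allowed_host(url):
    """Hardened check: parse the URL and compare the actual host component,
    accepting only an allowed host or a subdomain of one over http(s)."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False
    # .hostname drops userinfo and port and lowercases; strip a trailing dot.
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return False
    return any(host == allowed or host.endswith("." + allowed)
               for allowed in ALLOWED_HOSTS)


# Constructed probe URLs: two legitimate, the rest attacker-style bypasses.
PROBES = [
    "http://blogger.com/pic.jpg",
    "http://farm1.flickr.com/pic.jpg",
    "http://blogger.com.attacker.example/shell.php",      # allowed name as prefix
    "http://evilblogger.com/shell.php",                   # allowed name as suffix
    "http://attacker.example/shell.php?ref=flickr.com",   # allowed name in query
    "http://blogger.com@attacker.example/shell.php",      # allowed name as userinfo
    "ftp://blogger.com/pic.jpg",                          # wrong scheme
]


def compare(urls=PROBES):
    """Map each URL to (substring_verdict, host_verdict)."""
    return {u: (is_allowed_substring(u), is_allowed_host(u)) for u in urls}


if __name__ == "__main__":
    for url, (naive, strict) in compare().items():
        print(f"{naive!s:5} {strict!s:5} {url}")
```

Every bypass probe passes the substring check and fails the host check. Host validation alone is not the whole fix: a fetcher that then writes the downloaded bytes to a web-served directory should also verify that the content really is an image and store it under an extension the web server will never execute.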
Netcraft also relates the recent case of a botnet of more than 162,000 WordPress blogs that was used in a DDoS (distributed denial-of-service) attack against a website.
Keeping WordPress, and any other content management system, up to date is recommended. According to Netcraft's recent study, web servers are a popular target for criminals, who are always looking for new places to host malware and phishing sites.
» SPAMfighter News - 31-03-2014