Flash Exploits Malign Hacked WordPress Websites - Zscaler

Internet security company Zscaler spotted a new campaign which uses compromised WordPress sites to redirect users to websites hosting Flash exploits.

The campaign appears to use the Neutrino Exploit Kit and combines hacked WordPress sites, Internet Explorer, hidden iframes, a Hacking Team Flash exploit and CryptoWall ransomware.

Zscaler researchers explain that the campaign starts with more than 2,600 hacked WordPress sites for which the attackers have obtained login credentials. On those sites they have infected more than 4,200 pages with a hidden iframe that silently redirects users to landing pages infected with malware.

A common trait is that all of the hacked WordPress sites appear to be running version 4.2 or earlier of the CMS (Content Management System).

On these landing pages a single Flash SWF file is served, but only to Internet Explorer users and only once. The file leverages the CVE-2015-5119 Flash zero-day exploit to infect users' PCs with CryptoWall ransomware.
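For site owners checking their own pages, the hidden-iframe injection described above can be looked for in rendered HTML. The following is an added example, not code from Zscaler or the original article; the hiding heuristics, the function name `audit_page` and the sample hosts are assumptions, since the article does not say how the iframe was concealed.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed concealment tricks (the article does not specify which was used):
# display:none, visibility:hidden, 0/1px dimensions, far off-screen offsets.
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|"
    r"(?<![\w-])(?:width|height)\s*:\s*[01](?:px)?\s*(?:;|$)|"
    r"(?:left|top)\s*:\s*-\d{3,}",
    re.IGNORECASE,
)

class IframeAudit(HTMLParser):
    """Collects off-site iframes that are styled to be invisible."""

    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host.lower()
        self.findings = []  # (line number, iframe host, reasons)

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        host = (urlparse(a.get("src", "")).hostname or "").lower()
        # Relative URLs and same-site frames are not redirects to a third party.
        if not host or host == self.site_host or host.endswith("." + self.site_host):
            return
        reasons = []
        if a.get("width", "").strip() in ("0", "1") or a.get("height", "").strip() in ("0", "1"):
            reasons.append("tiny width/height attribute")
        if HIDDEN_STYLE.search(a.get("style", "")):
            reasons.append("hiding CSS in style attribute")
        if "hidden" in a:
            reasons.append("hidden attribute")
        if reasons:
            self.findings.append((self.getpos()[0], host, reasons))

def audit_page(html, site_host):
    """Return findings for one page's HTML served from site_host."""
    parser = IframeAudit(site_host)
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample page: a normal video embed, a local frame, an injected frame.
SAMPLE = """<html><body>
<p>Post body</p>
<iframe src="https://www.youtube.com/embed/abc" width="560" height="315"></iframe>
<iframe src="/wp-content/preview.html" width="0" height="0"></iframe>
<iframe src="http://landing.example.net/x" style="position:absolute;left:-9999px;width:1px;height:1px"></iframe>
</body></html>"""
```

A finding is a lead for review rather than proof of compromise, because some legitimate widgets also use invisible third-party frames.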

Zscaler researchers observed that the initial Neutrino Flash SWF file contains a secondary SWF, which is ultimately used to deliver the malware payload.

Securityweek.com published news on 22nd August, 2015 quoting Zscaler as saying "This operation also reconfirms that Neutrino EK (Exploit Kit) action is increasing and it is still a major competitor in the exploit kit field."

Angler remains the most dangerous kit, as its keepers rapidly incorporate exploits for newly reported zero-days. The recent increase in Neutrino traffic could have several explanations: maybe this actor was barred from buying Angler; there was a sharp change in pricing; or this could just be a test run using Neutrino.

Threatpost.com published news on 21st August, 2015 quoting a statement written by Brad Duncan, security engineer at cloud computing company Rackspace and SANS ISC handler: "If this change highlights a trend, we might see a large number of hijacked websites pointing to Neutrino EK along with a simultaneous drop in Angler EK traffic. However, criminal gangs using these EKs have hurriedly altered tactics in the past and circumstances might vary by the time you read this."

» SPAMfighter News - 8/31/2015
