Malware Assault Targets WordPress

M86 Labs the security company states that the infamous 'Phoenix' attack toolkit was recently found exploiting vulnerability within WordPress version 3.2.1, published V3.co.uk dated January 31, 2012. As observed, during the past days, the attack infected hundreds of websites, the company said.

The attacker, to get Web-surfers land on compromised sites, dispatched thousands of spam mails inquiring about an unknown invoice as also directing recipients that they should follow a given web-link. This web-link apparently, takes onto a web-page that's part of the hijacked WordPress sites. Moreover, the sites, which contain an invisible iFrame, look lawful to anti-spam solutions, while the iFrame as such downloads the Phoenix by connecting to a Russian-based Web-server.

Landing on the web-page, however, places the Web-surfers precariously on a site, which tries to abuse several vulnerabilities within Adobe's Flash and PDF, Microsoft's Internet Explorer, as well as Oracle's Java. Eventually, the assault disseminates Cridex-B, an information-stealing Trojan virus.

Here it maybe mentioned that the abusive site uses the hosting service of horoshovsebudet, a Russia-based domain that approximately means "Everything will be fine." Additionally, by determining the client computer's User Agent, the Phoenix toolkit produces one tailored attack page, which creates a code for abusing the several vulnerabilities stated above.

Principal Security Researcher at Websense, Stephen Chenette said that an analysis by his organization showed a steady growth in infections, numbering around 100. ComputerWorld UK published this on January 31, 2012. A close examination of the bulk code-insertion scam by Websense suggested that the perpetrator was indeed experienced.

Meanwhile, security investigators from M86 are sure that cyber-criminals are utilizing the hijacked websites of WordPress like diversions onto the exploit site, allowing Web-query traffic from the junk e-mails followed with sending the end-users to the exploit sites. M86 Security's blog published this on January 30, 2012.

Moreover, during the past, WordPress has been a highly preferable attack point for hackers. Several scam as well as botnet operations have utilized hijacked personal websites for diverting traffic onto exploit pages as also enticing visitors doing searches for widely-familiar keywords.

Nevertheless, the firm has urged Web-surfers for maintaining caution should they find web-links within unsolicited or dubious e-mails.

Related article: Malware Authors Turn More Insidious

» SPAMfighter News - 2/7/2012