Hijacked WordPress Websites made to Sisseminate Ransomware

In the very recent past, Sucuri researchers issued one threat advisory warning of certain malware campaign which exploited hijacked WordPress websites for thrusting a malicious program named Backdoor.Andromeda with the aid of Neutrino Exploit Kit (NEK).

Currently according to security investigators at Heimdal Security, who too cite the same malware attack, the operation has been observed disseminating the notorious TeslaCrypt ransom malware in a version that VirusTotal detects at an extremely low rate of only two virus engines out of 56 making a successful detection.

Web hackers hijacked the sites with the use of complicated JavaScript code that caused Web-surfers to get diverted onto certain domain harboring NEK. NEK is bought and sold through a kits-as-a-service model. Now after the diversion, the exploit kit scrutinizes for security flaws within Adobe Acrobat or Reader; Flash; Silverlight; and Internet Explorer. Incase vulnerability is discovered, its exploitation causes Teslacrypt to be delivered. Other ransomware programs, like Cryptowall etc., identically contaminate victims' computers.

Heimdal Security states that its researchers have already destabilized no less than 85 domains that are disseminating the ransomware. The uniqueness of the particular campaign lies in the aftermath of hijacking the WordPress sites. Once compromised, the attackers employ malicious software which by default inserts JavaScript files carrying malevolent script. For more domains getting the identical server's hosting facility, infection grasps them too, and in case an attempt is made for sanitizing any one website, remaining sites would conversely contaminate it soon after.

The above particular characteristic let the campaign's continuity as well as even proliferation while incase initially it was simply thrusting irritating adverts, a couple of days later, Malwarebytes noticed that it began diverting Web-surfers onto NEK. WordPress happens to be one quite frequent target for online criminals, considering its popularity among websites for managing content. Infosecurity-magazine posted this, February 4, 2016.

People owning WordPress sites looking to maintain their end-users' and servers' security need to always maintain their OS and other software up-to-date; keep data backups; as well as deploy security software which would filter e-traffic while safeguard from ransomware that conventional AV solutions can't spot or stop.

» SPAMfighter News - 2/11/2016