securitybreach Posted March 7, 2012 Share Posted March 7, 2012 Almost 30,000 WordPress blogs have been infected in a new wave of attacks orchestrated by a cybercriminal gang whose primary goal is to distribute rogue antivirus software, researchers from security firm Websense said in a blog post on Monday. The attacks have resulted in over 200,000 infected pages that redirect users to websites displaying fake antivirus scans. The latest compromises are part of a rogue antivirus distribution campaign that has been going on for months, the Websense researchers said..... More than 85 percent of the compromised sites were located in the U.S., but their visitors were geographically dispersed. "The attack may be specific to the U.S. but everyone is at risk when visiting these compromised pages," Sharf said. Many of the blogs compromised in these recent attacks were running outdated WordPress versions, had vulnerable plug-ins installed or had weak administrative passwords susceptible to brute force attacks, said David Dede, a security researcher with website integrity monitoring firm Sucuri Security. "It seems the attackers are trying everything lately."... http://www.networkworld.com/news/2012/0306...-to-256993.html Quote Link to comment Share on other sites More sharing options...
V.T. Eric Layton Posted March 7, 2012 Share Posted March 7, 2012 Yup. Saw this on /. earlier. Quote Link to comment Share on other sites More sharing options...
securitybreach Posted March 7, 2012 Author Share Posted March 7, 2012 Yup. Saw this on /. earlier. Yeah this is the source that Slashdot quoted. I also read it there first. Quote Link to comment Share on other sites More sharing options...
securitybreach Posted March 7, 2012 Author Share Posted March 7, 2012 As long as you are up to date (wordpress/plugins) and you have decent password set, you should be fine. Just check the plugins page for any unknown plugins. Quote Link to comment Share on other sites More sharing options...
V.T. Eric Layton Posted March 7, 2012 Share Posted March 7, 2012 I'm not affected by this because I'm on wordpress.com (free blogs). This is only for those using wordpress.org's blogging software on their own servers. Quote Link to comment Share on other sites More sharing options...
securitybreach Posted March 7, 2012 Author Share Posted March 7, 2012 I'm not affected by this because I'm on wordpress.com (free blogs). This is only for those using wordpress.org's blogging software on their own servers. True. I have the software on my server but I keep everything up to date using pacman. Quote Link to comment Share on other sites More sharing options...
V.T. Eric Layton Posted March 7, 2012 Share Posted March 7, 2012 Yup. Now if we could just get you to post an article or two on your blog. Actually, this newsflash about the wordpress security hole would be a good item to post on your blog. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.