Jump to content


30,000 WordPress blogs infected


  • Please log in to reply
7 replies to this topic

#1 OFFLINE   securitybreach

securitybreach

    CLI Phreak

  • Forum Admins
  • 15,500 posts

Posted 07 March 2012 - 12:35 PM

QUOTE
Almost 30,000 WordPress blogs have been infected in a new wave of attacks orchestrated by a cybercriminal gang whose primary goal is to distribute rogue antivirus software, researchers from security firm Websense said in a blog post on Monday.

The attacks have resulted in over 200,000 infected pages that redirect users to websites displaying fake antivirus scans. The latest compromises are part of a rogue antivirus distribution campaign that has been going on for months, the Websense researchers said.....

More than 85 percent of the compromised sites were located in the U.S., but their visitors were geographically dispersed. "The attack may be specific to the U.S. but everyone is at risk when visiting these compromised pages," Sharf said.

Many of the blogs compromised in these recent attacks were running outdated WordPress versions, had vulnerable plug-ins installed or had weak administrative passwords susceptible to brute force attacks, said David Dede, a security researcher with website integrity monitoring firm Sucuri Security. "It seems the attackers are trying everything lately."...

http://www.networkworld.com/news/2012/0306...-to-256993.html
Posted ImagePosted Image Posted Image
CNI Radio/Archlinux G+/Configs/PGP Key π

"Do you begin to see, then, what kind of world we are creating? It is the exact opposite of the stupid hedonistic Utopias that the old reformers imagined. A world of fear and treachery and torment, a world of trampling and being trampled upon, a world which will grow not less but more merciless as it refines itself. Progress in our world will be progress toward more pain." -George Orwell, 1984

#2 OFFLINE   V.T. Eric Layton

V.T. Eric Layton

    Nocturnal Slacker

  • Forum MVP
  • 18,610 posts

Posted 07 March 2012 - 12:39 PM

Yup. Saw this on /. earlier.

Posted Image


#3 OFFLINE   securitybreach

securitybreach

    CLI Phreak

  • Forum Admins
  • 15,500 posts

Posted 07 March 2012 - 12:49 PM

QUOTE (V.T. Eric Layton @ Mar 7 2012, 10:39 AM) <{POST_SNAPBACK}>
Yup. Saw this on /. earlier.

Yeah this is the source that Slashdot quoted. I also read it there first. cool.gif
Posted ImagePosted Image Posted Image
CNI Radio/Archlinux G+/Configs/PGP Key π

"Do you begin to see, then, what kind of world we are creating? It is the exact opposite of the stupid hedonistic Utopias that the old reformers imagined. A world of fear and treachery and torment, a world of trampling and being trampled upon, a world which will grow not less but more merciless as it refines itself. Progress in our world will be progress toward more pain." -George Orwell, 1984

#4 OFFLINE   securitybreach

securitybreach

    CLI Phreak

  • Forum Admins
  • 15,500 posts

Posted 07 March 2012 - 01:03 PM

As long as you are up to date (wordpress/plugins) and you have decent password set, you should be fine.  Just check the plugins page for any unknown plugins.
Posted ImagePosted Image Posted Image
CNI Radio/Archlinux G+/Configs/PGP Key π

"Do you begin to see, then, what kind of world we are creating? It is the exact opposite of the stupid hedonistic Utopias that the old reformers imagined. A world of fear and treachery and torment, a world of trampling and being trampled upon, a world which will grow not less but more merciless as it refines itself. Progress in our world will be progress toward more pain." -George Orwell, 1984

#5 OFFLINE   V.T. Eric Layton

V.T. Eric Layton

    Nocturnal Slacker

  • Forum MVP
  • 18,610 posts

Posted 07 March 2012 - 01:06 PM

I'm not affected by this because I'm on wordpress.com (free blogs). This is only for those using wordpress.org's blogging software on their own servers.

Posted Image


#6 OFFLINE   securitybreach

securitybreach

    CLI Phreak

  • Forum Admins
  • 15,500 posts

Posted 07 March 2012 - 02:15 PM

QUOTE (V.T. Eric Layton @ Mar 7 2012, 11:06 AM) <{POST_SNAPBACK}>
I'm not affected by this because I'm on wordpress.com (free blogs). This is only for those using wordpress.org's blogging software on their own servers.

True. I have the software on my server but I keep everything up to date using pacman.
Posted ImagePosted Image Posted Image
CNI Radio/Archlinux G+/Configs/PGP Key π

"Do you begin to see, then, what kind of world we are creating? It is the exact opposite of the stupid hedonistic Utopias that the old reformers imagined. A world of fear and treachery and torment, a world of trampling and being trampled upon, a world which will grow not less but more merciless as it refines itself. Progress in our world will be progress toward more pain." -George Orwell, 1984

#7 OFFLINE   V.T. Eric Layton

V.T. Eric Layton

    Nocturnal Slacker

  • Forum MVP
  • 18,610 posts

Posted 07 March 2012 - 02:32 PM

Yup. Now if we could just get you to post an article or two on your blog. Actually, this newsflash about the wordpress security hole would be a good item to post on your blog. happy62.gif

Posted Image


#8 OFFLINE   Temmu

Temmu

    The Assimilator

  • Forum MVP
  • 11,721 posts

Posted 22 March 2012 - 10:37 PM

wow, sorry, just read.  clever criminals. again.
Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users