Jump to content

30,000 WordPress blogs infected


securitybreach

Recommended Posts

securitybreach
Almost 30,000 WordPress blogs have been infected in a new wave of attacks orchestrated by a cybercriminal gang whose primary goal is to distribute rogue antivirus software, researchers from security firm Websense said in a blog post on Monday.

 

The attacks have resulted in over 200,000 infected pages that redirect users to websites displaying fake antivirus scans. The latest compromises are part of a rogue antivirus distribution campaign that has been going on for months, the Websense researchers said.....

 

More than 85 percent of the compromised sites were located in the U.S., but their visitors were geographically dispersed. "The attack may be specific to the U.S. but everyone is at risk when visiting these compromised pages," Sharf said.

 

Many of the blogs compromised in these recent attacks were running outdated WordPress versions, had vulnerable plug-ins installed or had weak administrative passwords susceptible to brute force attacks, said David Dede, a security researcher with website integrity monitoring firm Sucuri Security. "It seems the attackers are trying everything lately."...

http://www.networkworld.com/news/2012/0306...-to-256993.html

Link to comment
Share on other sites

securitybreach
Yup. Saw this on /. earlier.

Yeah this is the source that Slashdot quoted. I also read it there first. B)

Link to comment
Share on other sites

securitybreach

As long as you are up to date (wordpress/plugins) and you have decent password set, you should be fine. Just check the plugins page for any unknown plugins.

Link to comment
Share on other sites

V.T. Eric Layton

I'm not affected by this because I'm on wordpress.com (free blogs). This is only for those using wordpress.org's blogging software on their own servers.

Link to comment
Share on other sites

securitybreach
I'm not affected by this because I'm on wordpress.com (free blogs). This is only for those using wordpress.org's blogging software on their own servers.

True. I have the software on my server but I keep everything up to date using pacman.

Link to comment
Share on other sites

V.T. Eric Layton

Yup. Now if we could just get you to post an article or two on your blog. Actually, this newsflash about the wordpress security hole would be a good item to post on your blog. :yes:

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...