Number: IRCNE2015092629
Date: 2015/09/18
According to ZDNet, a new, active malware campaign has compromised thousands of WordPress websites in a matter of days, placing visitors at risk.
The new campaign, detected by SucuriLabs, began 15 days ago but the rate of compromised websites has spiked in the last few days, according to the security firm's CTO Daniel Cid.
From the 15th to 17th of this month, the rate of infection has surged from 1,000 compromised websites a day to approximately 6,000 -- and it remains to be seen whether this uptick slows down.
The hijacked websites are being compromised with the "visitorTracker_isMob" malware, which redirects as many visitors as possible to a landing page infected with the Nuclear exploit kit.
The Nuclear exploit kit is one of the most widely used exploit delivery methods on the web and contains zero-day exploits for a variety of software.
Once a user lands on the malicious page, the kit probes the potential victim's system, seeking unpatched vulnerabilities which can be exploited by Nuclear's payloads. If unpatched and outdated software is discovered -- or zero-day vulnerabilities are being exploited -- the victim's machine becomes compromised, potentially leading to surveillance and data theft.
The malware campaign, dubbed VisitorTracker due to the function name used in all of the injected JavaScript files, appears to infect websites through new vulnerabilities within plugins installed on WordPress.
Out of thousands of websites infected through the new campaign, the security researchers say 95 percent of them rely on WordPress -- and 17 percent of them have already been blacklisted by Google.
Webmasters should make sure their plugins are all up to date to prevent exposure and blacklisting by the web's most popular search engine.