A new wave of mass-injections of a fake antivirus campaign that appears to be targeting sites hosted by popular blogging platform WordPress, according to Websense it has detected
The company says that it has been tracking the threat for the last few months and that more than 200,000 web pages have been affected on nearly 30,000 websites
The page looks like a Windows Explorer window, albeit Windows XP, but in reality is simply a pop-up within the web browser. It tells users to download and run a bogus antivirus tool to remove the Trojans, but the fake software is in fact itself a Trojan.
Websense reports that although 85 percent of the compromised sites are located in the US, visitors are more widely dispersed. Rogue antivirus campaigns have long affected users of Windows and last year, Apple was forced to admit the threat of MadDefender scareware and issue instructions on how to avoid it or remove it.
“Websites can often get hacked through known security issues where software (the type used to host the site) is not kept up to date,” commented Mark James, technical team leader at ESET UK. Furthermore, compromised servers that have code injected into the website itself at source, again through poor security or “backdoors”, pose a problem.”
“Another security issue that can happen, is people forget to reset/change ‘default’ passwords or administrator logins when they use ‘off the shelf’ or free software,” he added. Often these programmes have secret access keys built in that need to be changed and will thus allow complete access to the system. “
He recommends that if a user is redirected they should, rather sensibly but fairly obviously, stop what they are doing, close the browser either “forcefully or gracefully” before rebooting and running a full antivirus scan.
This new security threat comes almost exactly a year after WordPress was hit by a large Distributed Denial of Service (DDoS) attack that affected connectivity to a number of its hosted blogs. The attack was the largest that the blogging platform had ever seen and was said to have originated from China. It later admitted that the hackers had gained access to multiple servers and stole the source code that powered the blogs of many of its customers.
Are you safe from Trojans? Take our quiz
To settle US federal and state claims over multiple data breaches, Marriott International agrees $52…
ByteDance's TikTok is laying off up to 500 employees as it moves to greater use…
In this episode, we uncover why most organisations aren’t ready to harness generative AI. We…
Mixed reactions as Elon Musk hypes $30,000 'self driving' robotaxi called Cybercab, as well as…
AMD unveils new AI and data centre chips as it seeks to improve challenge to…
AT&T and Verizon among US broadband providers reportedly hacked to target American government wiretapping platform