Malware Campaign Hits Reader’s Digest

The WordPress publishing platform is being hit by a malware campaign that has affected high-profile websites including that of the magazine Reader’s Digest, according to an IT security firm.

The infections mean that visitors to affected websites can receive malware simply by viewing pages, if they are using outdated versions of Internet Explorer, Adobe Flash or other vulnerable software, according to Malwarebytes.

Sharp rise in infections

The campaign may have been going on for some time, but a sharp increase in infections has occurred over the past two weeks, according to Malwarebytes researcher Jérôme Segura. It is ongoing, with thousands of sites already infected and dozens more affected each day, he said.

Malwarebytes contacted Reader’s Digest about the issue last week, but received no response, and as of Monday the site was still delivering malware, according to Segura.

“We hope that by making this public we will raise awareness and prevent unnecessary infections,” he wrote in a blog post.

The campaign infects sites with Angler, an exploit kit consisting of ready-made malicious scripts, and uses a number of web addresses that in turn redirect to malicious URLs containing a malware payload, Segura said.

Angler exploits up to Flash Player version 19.0.0.207, which was patched by Adobe on 16 October.

Malicious payload

The payload involved varies from site to site and from day to day, but Segura said one payload in use is a piece of malware known as Bedep, which in turn loaded Necurs, a backdoor Trojan. Necurs, like other Trojan horses, allows attackers to install the malicious code of their choice on a user’s system.

The attack payloads used so far seem to target only Windows systems, according to Malwarebytes.

The malware campaign attacks WordPress via unidentified vulnerabilities that lie either in the platform itself or in its plugins, Segura said. He added that the bugs have probably already been patched, with the affected sites using outdated versions.

The website of The Independent , also based on WordPress, was found to be infected by such malware last week.

Reader’s Digest did not immediately respond to a request for comment.

Are you a security pro? Try our quiz!