A new wave of mass-injections of a fake antivirus campaign that appears to be targeting sites hosted by popular blogging platform WordPress, according to Websense it has detected
The company says that it has been tracking the threat for the last few months and that more than 200,000 web pages have been affected on nearly 30,000 websites
The page looks like a Windows Explorer window, albeit Windows XP, but in reality is simply a pop-up within the web browser. It tells users to download and run a bogus antivirus tool to remove the Trojans, but the fake software is in fact itself a Trojan.
Websense reports that although 85 percent of the compromised sites are located in the US, visitors are more widely dispersed. Rogue antivirus campaigns have long affected users of Windows and last year, Apple was forced to admit the threat of MadDefender scareware and issue instructions on how to avoid it or remove it.
“Websites can often get hacked through known security issues where software (the type used to host the site) is not kept up to date,” commented Mark James, technical team leader at ESET UK. Furthermore, compromised servers that have code injected into the website itself at source, again through poor security or “backdoors”, pose a problem.”
“Another security issue that can happen, is people forget to reset/change ‘default’ passwords or administrator logins when they use ‘off the shelf’ or free software,” he added. Often these programmes have secret access keys built in that need to be changed and will thus allow complete access to the system. “
He recommends that if a user is redirected they should, rather sensibly but fairly obviously, stop what they are doing, close the browser either “forcefully or gracefully” before rebooting and running a full antivirus scan.
This new security threat comes almost exactly a year after WordPress was hit by a large Distributed Denial of Service (DDoS) attack that affected connectivity to a number of its hosted blogs. The attack was the largest that the blogging platform had ever seen and was said to have originated from China. It later admitted that the hackers had gained access to multiple servers and stole the source code that powered the blogs of many of its customers.
Are you safe from Trojans? Take our quiz
Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector
Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…
Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…
Judge Kaplan praises former FTX CTO Gary Wang for his co-operation against Sam Bankman-Fried during…
Explore the future of work with the Silicon In Focus Podcast. Discover how AI is…
Executive hits out at the DoJ's “staggering proposal” to force Google to sell off its…