Hundreds of websites based on WordPress 3.2.1 have been compromised, with visitors redirected to drive-by attack sites.
Threatpost reports that the exploit works by creating a page on a compromised WordPress site which redirects users to a drive-by attack site. The attack site then uses the Phoenix exploit kit to attack a victim’s computer.
Because most email filters have a list of suspicious websites, spam emails that link to a known attack site are usually blocked. However, by sending spam emails with links to a compromised WordPress site and then redirecting users from there, hackers are able to avoid being detected by email filters.
The news comes just days after a persistent cross-scripting flaw was discovered in the WordPress installation process. Alarmingly, WordPress officials say they aren’t planning to patch the installation vulnerability.
It is unclear at this time if the two issues are related.
ABOUT THE AUTHOR
COMMENTS
SmartCompany is committed to hosting lively discussions. Help us keep the conversation useful, interesting and welcoming. We aim to publish comments quickly in the interest of promoting robust conversation, but we’re a small team and we deploy filters to protect against legal risk. Occasionally your comment may be held up while it is being reviewed, but we’re working as fast as we can to keep the conversation rolling.
The SmartCompany comment section is members-only content. Please subscribe to leave a comment.
The SmartCompany comment section is members-only content. Please login to leave a comment.