Thousands of WordPress sites sucked into BlackHole

Powered by SC Magazine
 

Exploits aging TimThumb vulnerability.

Researchers have discovered a spike in malware infecting thousands of WordPress web sites that use a popular image tool.

The attacks came to light after French media outlet the Poitou-Charentes Journal began hosting on malware on its WordPress site.

Avast senior researcher Jan Sirmer found attackers had exploited weak FTP server authentication credentials and a vulnerability in the TimThumb image resizer to upload malicious PHP files to the site.

The attack used the BlackHole exploit kit which redirected the web site's visitors to an external malware-hosting site.

An additional 3500 unique infected Word Press sites were detected by Avast redirecting visitors to malicious sites between August 28 – 31. During September it blocked redirects from 2515 WordPress sites, Sirmer said.

In total, some 151,000 users had been hit with the malicious redirect from other compromised WordPress sites.

"I expect October results will be similar,” Sirmer said.

“The Poitou-Charentes Journal is just one part of a much bigger attack. These compromised sites are part of a network which redirected vulnerable users to sites distributing an array of malware.”

The vulnerability in the TimThumb resizer identified in August exists in the way the tool fetches images from websites like Flickr and Photobucket.

The utility runs only a partial check on hostnames meaning hackers could upload and execute arbitrary php code in the .php cache directory.

Sirmer recommended WordPress sites employ strong login credentials. A fix was available for the TimThumb tool.

Copyright © SC Magazine, Australia


Thousands of WordPress sites sucked into BlackHole
 
 
 
Top Stories
NSW Govt gets ready to throw out the floppy disks
[Opinion] Dominic Perrottet says its time for government to catch up.
 
iiNet facing new copyright battle with Hollywood
Fighting to protect customer details.
 
The CISO’s dilemma: Do you trust your partner’s partner?
[Blog post] How far down the chain do you check?
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
In which area is your IT shop hiring the most staff?




   |   View results
IT security and risk
  25%
 
Sourcing and strategy
  12%
 
IT infrastructure (servers, storage, networking)
  22%
 
End user computing (desktops, mobiles, apps)
  15%
 
Software development
  26%
TOTAL VOTES: 321

Vote
Would your InfoSec team be prepared to share threat data with the Australian Government?

   |   View results
Yes
  57%
 
No
  43%
TOTAL VOTES: 126

Vote