Wordpress a vector for Flashback

Powered by SC Magazine
 

iFrames used to infect users.

Some 140,000 Macs remain infected with the Flashback trojan.

Statistics from Symantec's  sinkhole are showing declining numbers on a daily basis, but not an overall clean-up.

It was initially rumoured that around 600,000 Macs were infected with Flashback on 9 April; this dropped to 380,000 on 10 April and then to 225,000 on 13 April when Apple issued a software update to fix the issue.

The Symantec analysis also revealed that the malware was receiving updated information via Twitter about which command-and-control servers to contact for additional instructions. This is accomplished "by searching for specific hashtags generated by the [Flashback] hashtag algorithm", according to the vendor.

Research from Kaspersky Lab found that its authors relied on infecting WordPress sites so that when unsuspecting users visited, they were silently redirected to a site that installed Flashback via a drive-by download.

Alexander Gostev, head of Kaspersky Lab's global research and analysis team, said that from February to March, thousands of sites created on the popular publishing platform were poisoned when their webmasters were running vulnerable versions of WordPress.

“Approximately 85 per cent of the compromised WordPress sites are located in the United States.”

Kaspersky Lab said that WordPress is a very popular platform for attackers to target as there is not a whole lot it can do if people neglect to update their WordPress or plug-in software.

In late January, Websense began tracking the outbreak on WordPress, with the number of WordPress blogs that had been compromised said to be gradually growing; a vulnerable version of WordPress, 3.2.1, was updated in December but was still widely in use.

Websense said that attackers were using automated scanners to find vulnerable sites, then taking advantage of input validation errors to embed IFRAMEs, which redirected users to exploited sites.

This article originally appeared at scmagazineus.com

Copyright © SC Magazine, US edition


 
 
 
Top Stories
Beyond ACORN: Cracking the infosec skills nut
[Blog post] Could the Government's cybercrime focus be a catalyst for change?
 
The iTnews Benchmark Awards
Meet the best of the best.
 
Telstra hands over copper, HFC in new $11bn NBN deal
Value of 2011 deal remains intact.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Who do you trust most to protect your private data?







   |   View results
Your bank
  39%
 
Your insurance company
  3%
 
A technology company (Google, Facebook et al)
  8%
 
Your telco, ISP or utility
  7%
 
A retailer (Coles, Woolworths et al)
  2%
 
A Federal Government agency (ATO, Centrelink etc)
  20%
 
An Australian law enforcement agency (AFP, ASIO et al)
  14%
 
A State Government agency (Health dept, etc)
  6%
TOTAL VOTES: 1803

Vote
Do you support the abolition of the Office of the Information Commissioner?