The Tech Herald

Outdated WordPress installations hijacked by crime kits

by Steve Ragan - Jan 31 2012, 11:30

Outdated WordPress installations hijacked by crime kits. (IMG: J. Anderson)

Hundreds of websites developed with the WordPress platform were hijacked recently, and used to compromise systems leveraging a recently patched Java vulnerability. In each case, the compromised domain was using an outdated version of WordPress.

WordPress has been downloaded more than 60 million times since the 3.0 release in 2010. Since that time, there have been several fixes and patches to the blogging platform, including version 3.3.1, which was released on January 3. Over the weekend, Websense Security and M86 Labs discovered hundreds of domains running an outdated release of WordPress that were hosting malicious content. The hijackings were possible due to the exploitation of recently patched vulnerabilities.

It’s unknown whether the compromised domains were serving exploits taken from a recently updated Phoenix Exploit Kit, or something entirely new. The two security firms could not agree on the kit itself, with M86 tagging it as Phoenix and Websense reporting that the exploits were part of the Incognito Kit.

What is known is that the hijacked domains were serving an individual page that was unrelated to the rest of the site’s content.

“In fact, accessing any page on these compromised WordPress sites, other than the uploaded page, will not infect the user’s machine. The general motivation of attackers to compromise websites is mainly to bypass URL reputation mechanisms, spam filters and certain security policies,” commented Daniel Chechik of M86.

The uploaded page used embedded code to target the Java Rhino vulnerability and the PDF Libtiff vulnerability, each recently patched by Oracle and Adobe respectively.

Each of the hijacked domains was using WordPress version 3.2.1, which was initially released in July 2011. Since that time, dozens of plugins for WordPress have been singled out as being vulnerable to a range of issues including Cross-Site Scripting, SQL Injection, Remote Code Execution, and Remote File Inclusion. This includes the TimThumb plugin, which led to scores of compromises last summer.

WordPress can be updated from within the administration dashboard. Moreover, this area will allow plugins to be updated, as well as themes. Users are strongly encouraged to update their installations as soon as possible.
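The two indicators the article describes, an outdated WordPress core and a single unrelated page dropped into the site, are both checkable from the file system. The following script is an added example written for this page; it is not WordPress code and not from either security firm. It assumes the standard layout in which the core version is declared in wp-includes/version.php as `$wp_version = '...';`, treats 3.3.1 (the release the article names) as the minimum patched version, and flags script or HTML files under wp-content/uploads, a directory that should normally hold only media. The sample install it builds is constructed for the demonstration.

```python
"""Audit a WordPress install for an outdated core and unexpected uploaded pages.

Added example (not WordPress code). Assumptions: the core version lives in
wp-includes/version.php; 3.3.1 is the patched baseline; stand-alone .php/.html
files under wp-content/uploads are worth a second look.
"""
import os
import re
import tempfile
from typing import Dict, List, Optional, Tuple

# Release the article names as current (January 3, 2012).
PATCHED_VERSION = "3.3.1"

# Renderable/executable extensions that media uploads should not normally carry.
SUSPECT_EXTENSIONS = {".php", ".php5", ".phtml", ".html", ".htm"}

# Matches:  $wp_version = '3.2.1';   (single or double quotes, any spacing)
_VERSION_RE = re.compile(r"""\$wp_version\s*=\s*['"]([^'"]+)['"]\s*;""")


def parse_wp_version(version_php: str) -> Optional[str]:
    """Extract the declared $wp_version from the text of wp-includes/version.php."""
    match = _VERSION_RE.search(version_php)
    return match.group(1) if match else None


def version_tuple(version: str) -> Tuple[int, ...]:
    """'3.2.1' -> (3, 2, 1). Non-numeric suffixes such as '3.3-beta1' keep digits only."""
    parts = []
    for piece in version.split("."):
        digits = re.match(r"\d+", piece)
        parts.append(int(digits.group()) if digits else 0)
    return tuple(parts)


def is_outdated(installed: str, patched: str = PATCHED_VERSION) -> bool:
    """True when the installed core is older than the patched release."""
    return version_tuple(installed) < version_tuple(patched)


def find_suspect_uploads(wp_root: str) -> List[str]:
    """Return relative paths under wp-content/uploads with a suspect extension."""
    uploads = os.path.join(wp_root, "wp-content", "uploads")
    hits = []
    for dirpath, _dirs, files in os.walk(uploads):  # silently empty if dir is absent
        for name in files:
            if os.path.splitext(name)[1].lower() in SUSPECT_EXTENSIONS:
                rel = os.path.relpath(os.path.join(dirpath, name), wp_root)
                hits.append(rel.replace(os.sep, "/"))
    return sorted(hits)


def audit(wp_root: str) -> Dict[str, object]:
    """Combine the version check and the uploads scan into one report."""
    with open(os.path.join(wp_root, "wp-includes", "version.php"), encoding="utf-8") as fh:
        installed = parse_wp_version(fh.read())
    return {
        "version": installed,
        "outdated": installed is not None and is_outdated(installed),
        "suspect_files": find_suspect_uploads(wp_root),
    }


def build_sample_install(root: str, version: str = "3.2.1") -> str:
    """Constructed sample tree mimicking the affected layout (not a real site)."""
    os.makedirs(os.path.join(root, "wp-includes"), exist_ok=True)
    with open(os.path.join(root, "wp-includes", "version.php"), "w", encoding="utf-8") as fh:
        fh.write("<?php\n/* constructed sample */\n$wp_version = '%s';\n" % version)
    month = os.path.join(root, "wp-content", "uploads", "2012", "01")
    os.makedirs(month, exist_ok=True)
    for name, body in (("photo.jpg", b"\xff\xd8 not really a jpeg"),
                       ("promo.html", b"<html>constructed stand-alone page</html>")):
        with open(os.path.join(month, name), "wb") as fh:
            fh.write(body)
    return root


def demo() -> Dict[str, object]:
    """Build the constructed install in a temp dir and audit it."""
    return audit(build_sample_install(tempfile.mkdtemp(prefix="wp-audit-")))


if __name__ == "__main__":
    print(demo())
```

Run against a live web root, `audit("/var/www/html")` reports the declared core version, whether it predates the baseline, and any stand-alone pages sitting in the uploads tree; a hit on either is a reason to update from the dashboard and to inspect the flagged file before serving it further.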
