Wordpress mass infection continues to spread....

Wednesday, May 12, 2010

Jason Remillard

Ba5964a1284ac16d4277991e7225699c

Thought you were safe in the forest this spring?

As reported yesterday, and now reinforced by our friends at wpsecuritylock.com, the godaddy malware infections continue to grow, and now seems to be spreading across different hosters and now targeted applications.

Not only Wordpress installs are being affected, but now Joomla and 'standard' html-based websites.  This lends more credence to our initial diagnosis that these hacks are actually the result of a platform-based attack, and spreading from the 'inside'. 

 More details will be released as we learn more.  In the meantime, if you are affected, please follow the instructions here and/or make sure you get a free malware/vulnerability scan here.  

Possibly Related Articles:
13370
Vulnerabilities Webappsec->General
Wordpress
Post Rating I Like this!
6d117b57d55f63febe392e40a478011f
Anthony M. Freed Jason - How can we know we if have a problem?

Thanks!
1273861833
Ba5964a1284ac16d4277991e7225699c
Jason Remillard Anthony... the easiest way is to check for a hidden ./files directory off of the root. Also, look in alll php files for a javascript decode (with alot of hex code) line, and also look in any javascript libraries for a very long (seemingly random) math command

Best bet of course, is to get setup for monitoring from us (or others) since internal hack is not the only vector for malware (ad networks are becoming more common now too)

1273863544
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.