Wordpress mass infection continues to spread....

Wednesday, May 12, 2010

Jason Remillard


Thought you were safe in the forest this spring?

As reported yesterday, and now reinforced by our friends at wpsecuritylock.com, the godaddy malware infections continue to grow, and now seems to be spreading across different hosters and now targeted applications.

Not only Wordpress installs are being affected, but now Joomla and 'standard' html-based websites.  This lends more credence to our initial diagnosis that these hacks are actually the result of a platform-based attack, and spreading from the 'inside'. 

 More details will be released as we learn more.  In the meantime, if you are affected, please follow the instructions here and/or make sure you get a free malware/vulnerability scan here.  

Possibly Related Articles:
Vulnerabilities Webappsec->General
Post Rating I Like this!
Anthony M. Freed Jason - How can we know we if have a problem?

Jason Remillard Anthony... the easiest way is to check for a hidden ./files directory off of the root. Also, look in alll php files for a javascript decode (with alot of hex code) line, and also look in any javascript libraries for a very long (seemingly random) math command

Best bet of course, is to get setup for monitoring from us (or others) since internal hack is not the only vector for malware (ad networks are becoming more common now too)

The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.