Thursday, November 3, 2011

Compromised WordPress Sites Sending Visitors to Black Hole Exploit Kit Sites

WordPress sucked into a black hole! Ahh!

A reported 3,500 WordPress-powered websites are exposing visitors to the Black Hole exploit kit thanks to a vulnerability in the TimThumb plug-in, along with stolen or easy-to-guess FTP credentials.

Jan Sirmer of security firm Avast! posted a blog entry on Halloween outlining the steps webmasters can take to check whether their WordPress-driven site has been compromised by evildoers hoping to redirect visitors to websites that will attempt to install malware.

If your WordPress site has indeed been compromised, then you will see new files with names like:

./wp-content/w3tc/min/a12ed303.925433.js

or

./wp-includes/js/l10n.js

These files contain obfuscated code that ultimately will generate an iframe that redirects your website visitors to another domain that’s housing the Black Hole exploit kit.
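
One way to run this check across a site's files, as an added example that is not from the original post or from Avast: a Python script that walks a WordPress directory and flags .js files showing at least two signs of packed code. The markers, the 0.3 escape ratio and the file-name pattern are assumptions chosen for illustration, and the sample files are constructed.

```python
import os
import re
import tempfile

# Heuristic markers of packed JavaScript (assumed; the article lists none).
MARKERS = {
    "eval": re.compile(r"\beval\s*\("),
    "unescape": re.compile(r"\bunescape\s*\("),
    "fromCharCode": re.compile(r"String\.fromCharCode"),
    "iframe": re.compile(r"<\s*iframe|createElement\(\s*['\"]iframe", re.I),
}
ESCAPES = re.compile(r"%[0-9a-fA-F]{2}|\\x[0-9a-fA-F]{2}|\\u[0-9a-fA-F]{4}")
# Shape of the first file name quoted in the article: <8 hex>.<digits>.js
HEX_NAME = re.compile(r"^[0-9a-f]{8}\.\d+\.js$")

def score_js(name, text):
    """Return the reasons a script deserves manual review (empty if none)."""
    reasons = [label for label, rx in MARKERS.items() if rx.search(text)]
    escaped = sum(len(m) for m in ESCAPES.findall(text))
    if text and escaped / len(text) > 0.3:  # body is mostly escape sequences
        reasons.append("mostly-escaped")
    if HEX_NAME.match(name):
        reasons.append("hex-style-name")
    return reasons

def scan(root, min_reasons=2):
    """Walk a site tree; map relative path -> reasons for flagged .js files."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.endswith(".js"):
                path = os.path.join(dirpath, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    reasons = score_js(name, fh.read())
                if len(reasons) >= min_reasons:
                    findings[os.path.relpath(path, root)] = reasons
    return findings

def demo():
    """Scan a constructed tree: one ordinary script, one packed-looking one."""
    samples = {  # constructed; the escaped text decodes to "var x=1"
        "plain.js": "function add(a, b) { return a + b; }\n",
        "a12ed303.925433.js": "eval(unescape('%76%61%72%20%78%3d%31'));\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for name, body in samples.items():
            with open(os.path.join(root, name), "w", encoding="utf-8") as fh:
                fh.write(body)
        return scan(root)
```

A hit is a prompt to compare the file against a clean copy from the same WordPress or plug-in release, since legitimate minified scripts can trip a single marker on their own.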

Upon landing on the attack domain, users will find out just how vulnerable their computers are, as malware will attempt to make its way onto their system by exploiting any number of the computer’s vulnerabilities (typically related to Java, IE or Adobe Reader).

Cybercrooks can purchase the Black Hole exploit kit – among others – on the black market for a good chunk of change ($1,500!) or simply grab a stripped-down, free version of it if they prefer to indulge in malicious activity without making a monetary investment in it.

WordPress site owners can protect themselves by a) making sure they have the most recent version of the TimThumb plug-in and b) using strong login credentials that hackers cannot easily guess.

Web surfers have the best chance of surviving a Black Hole exploit kit attack by keeping their system up to date and running full antivirus protection software with real-time scanning to catch malware as it attempts to make its way onto their machine.

Photo Credit: thebadastronomer || Altered by Marquisa Kirkland
