Malware on 6,000 sites based on WordPress

A large number of websites based on WordPress is exploited to take control of users’ computers. Still unknown the cause before, but we think of a vulnerability in a plugin platform CMS.

The security firm Sucuri has published a speech on his blog giving prominence to a problem that is affecting a number of websites based on WordPress CMS, used by a group of attackers in order to take control of as many systems as possible endpoint.

It is a real ” criminal campaign ” began 15 days ago but only in recent days did jump over 6,000 compromised sites. The latter are used to direct unsuspecting users to a server hosting attack code made available by the exploit kit Nuclear, sold on the black market. The server attempts a variety of different exploits based on the operating system and the apps on the visitor’s computer.

Daniel Cid, CTO of the company Sucuri, commented: ” On second thought, the compromised websites are means that criminals use to gain access to as many desktops endpoints possible. What is the easiest way to reach the end of end user? Web sites, of course. ”

It has not yet been possible to determine how goods have been compromised websites, but there is a strong suspicion that the primary cause is a vulnerability in a few WordPress plugins that is so infected with malware.

Meanwhile, 17% of the compromised sites are already finished in the blacklist of the Google service that alerts users when they are about to access a web resource potentially harmful. The blog Sucuri noted as among the hacked sites, there is also that of another provider of security solutions, Coverity, which is also used as the unwitting actor in the criminal campaign.

Sucuri has not provided any information that could help to identify the compromised sites: those who have the responsibility of running a website based on WordPress can use the tools made available to scan the same Sucuri and remove any malware.