Security Alert: Is Your WordPress Site Hosting Blackhole Malware?


According to security firm Sophos, a major malware campaign now underway is using insecure WordPress sites (not sites that are up to date and secured) to install harmful software on the computers of unwitting visitors.

The campaign works like this:

  1. An email is sent to a random person with the subject line, “Verify your order.”
  2. In the email is a link to a malware-infected WordPress site. (These are legitimate sites that have been compromised.)
  3. Clicking on the link takes the person to the infected site, and an attempt is made to install malware onto the visitor’s PC by using the Blackhole Exploit Kit.

The emails, says Sophos, typically take the following form:

Subject: Verify your order

Message body:

Dear [name], please verify your order #[random number] at [LINK]

We hope to see you again soon!
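A mail-filter check for the lure described above, as an added example that is not from Sophos or the original article. It assumes the link appears as a plain URL in a text part of the message; the function names and the sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from urllib.parse import urlparse

# Template from the article: subject "Verify your order" and a body line
# "please verify your order #<number> at <link>".
SUBJECT_RE = re.compile(r"^\s*verify your order\s*$", re.IGNORECASE)
BODY_RE = re.compile(
    r"please\s+verify\s+your\s+order\s+#?\s*(\d+)\s+at\s+(https?://\S+)",
    re.IGNORECASE,
)

def body_text(msg):
    """Concatenate every text/* part of a parsed message."""
    chunks = []
    for part in msg.walk():  # walk() also yields a non-multipart message itself
        if part.get_content_maintype() == "text":
            payload = part.get_payload(decode=True) or b""
            charset = part.get_content_charset() or "utf-8"
            chunks.append(payload.decode(charset, "replace"))
    return "\n".join(chunks)

def check_message(raw):
    """Return order number, URL and host if the message fits the lure, else None."""
    msg = message_from_string(raw)
    if not SUBJECT_RE.match(msg.get("Subject", "")):
        return None
    match = BODY_RE.search(body_text(msg))
    if not match:
        return None
    url = match.group(2).rstrip(".,)>\"'")  # drop trailing punctuation
    return {"order": match.group(1), "url": url, "host": urlparse(url).hostname}

# Constructed sample messages (not real traffic).
SAMPLES = [
    "From: shop@example.test\nSubject: Verify your order\n\n"
    "Dear Pat, please verify your order #48213 at http://compromised.example/page.html\n\n"
    "We hope to see you again soon!\n",
    "From: shop@example.test\nSubject: Your receipt\n\nThanks for your order #48213.\n",
    "From: shop@example.test\nSubject: Verify your order\n\nPlease call us about your order.\n",
]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(check_message(raw))
```

The returned host is the value to hand to a site owner or a blocklist, since the linked sites are legitimate WordPress installs that have been compromised.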


Sophos also reports an uptick in similar phishing schemes using “emails posing as traffic tickets from NYC, rejected wire transfer notifications and fake Facebook photo tag notifications.”

Sophos says it has detected the following malware in connection with this campaign: Troj/PDFEx-GD, Troj/SWFExp-AI, Mal/ExpJS-N and Troj/Agent-XDM.

It bears repeating that this is not an issue with the current version of WordPress, so make sure you are running the latest version of WordPress, as well as up-to-date versions of all your plugins.

A quick and easy place to check your site for malware is Sucuri.net’s site-check page.



Comments (3)

  1. Good article.

    This seems to be the latest trend, been going for a while. It’s very interesting to see the resurgence of email phishing, but more so of the combination of phishing with malware. What really stinks about phishing sites like these is that there aren’t any links externally from the main site; it’s one of those things you have to know exists and have a direct link to.

    If people find these I’d encourage them to add to the http://www.phishtank.com/ website. Doing so would greatly help, or let someone know, like us at Sucuri so that we can push upward from there.

    Thanks
