Infected WordPress Sites Connected to Trojans on Approx. 700,000 Macs


According to security software firm Kaspersky, the Apple Mac Flashback Trojan that recently made such a splash in the news can most likely trace its roots back to infected WordPress sites.

Alexander Gostev from the Kaspersky Lab Global Research and Analysis Team explains how compromised WordPress sites were used to infect Macs: “From September 2011 to February 2012, Flashfake was distributed using social engineering only: visitors to various websites were asked to download a fake Adobe Flash Player update. It meant the Trojan was being distributed as installation archives named ‘FlashPlayer-11-macos.pkg,’ ‘AdobeFlashUpdate.pkg,’ etc.”

According to Gostev, in March 2012 approximately 700,000 computers worldwide were infected with the Trojan. He says, “The infected computers are combined in a botnet which enables cybercriminals to install additional malicious modules on them at will. One of these modules is known to generate fake search engine results. It is quite possible that, in addition to intercepting search engine traffic, cybercriminals could upload other malicious modules to infected computers – e.g. for data theft or spam distribution.”

As we reported last month, the internet security firm Sucuri stated that in the cases they analyzed, the infected sites were either running an outdated version of WordPress or a vulnerable plugin. Attackers were also said to be gaining entrance to sites via weak passwords.

(If you would like to test your site for hacks and malware, Sucuri has an easy-to-use site-checker.)

In somewhat related news (though not directly related to this situation), WordPress has just released WordPress 3.3.2 – which is a SECURITY release. In other words, the new version has important security updates. You would be wise to update your site as soon as possible.

Photo: Cute_Worm_In_Apple from BigStock