WordPress sites under attack by ad-scam malware
A massive malware campaign is spreading via WordPress websites, according to Denis Sinegubko, a senior malware researcher at security firm Sucuri.
To avoid detection, the malware uses encrypted code that mutates between websites. Every variant attempts to inject an invisible iframe that hits an advertisement server through a domain created just for this purpose. The attacker takes care to infect only first-time visitors by setting a cookie that expires in 24 hours.
"This malware uploads multiple backdoors into various locations on the webserver and frequently updates the injected code," explained Sinegubko. "This means that if you host several domains on the same hosting account all of them will be infected via a concept known as cross-site contamination."
"It's not enough to clean just one site or all but one in such situations – an abandoned site will be the source of the reinfection," according to Sinegubko. "In other words, you either need to isolate every sites [sic] or clean/update/protect all of them at the same time!"
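As an added illustration (not code from Sucuri or from the original article), the sketch below audits every site on one hosting account for invisible iframes that load from another host, which is the symptom described above. It assumes each page was captured as a rendered DOM snapshot with an empty cookie jar, since the injection is produced by script and is skipped once the 24-hour cookie is set; all hostnames and the sample markup are constructed.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Inline styles that hide an element from the visitor.
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|opacity\s*:\s*0(\.0+)?\s*(;|$)"
    r"|(?<![\w-])(width|height)\s*:\s*[01](px)?\s*(;|$)"
    r"|(left|top)\s*:\s*-\d{3,}px", re.I)

class IframeAudit(HTMLParser):
    """Collect hosts of iframes that are invisible and load from another host."""
    def __init__(self, site_host):
        super().__init__()
        self.site_host, self.findings = site_host, []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        host = urlparse(a.get("src", "")).hostname
        if not host or host == self.site_host:
            return  # relative or same-host frame
        tiny = any(a.get(k, "").strip() in ("0", "1") for k in ("width", "height"))
        if tiny or "hidden" in a or HIDDEN_STYLE.search(a.get("style", "")):
            self.findings.append(host)

def audit_account(snapshots):
    """Map every site on the account to the hosts of its hidden foreign iframes."""
    report = {}
    for site_host, dom in snapshots.items():
        parser = IframeAudit(site_host)
        parser.feed(dom)
        report[site_host] = parser.findings
    return report

# Constructed rendered-DOM snapshots; all hostnames are placeholders.
SNAPSHOTS = {
    "shop.example": '<body><p>Hi</p><iframe src="//ads-relay.example/i" '
                    'style="position:absolute;left:-9999px"></iframe></body>',
    "blog.example": '<body><iframe src="https://video.example/embed/1" '
                    'width="560" height="315"></iframe></body>',
    "old.example": '<body><iframe src="http://ads-relay.example/i" '
                   'width="1" height="1"></iframe></body>',
}

if __name__ == "__main__":
    for site, hosts in audit_account(SNAPSHOTS).items():
        print(site, "INFECTED" if hosts else "clean", hosts)
```

A clean result for one site says nothing about the others on the account, so the report covers all of them in one pass, including abandoned ones.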
- check out this blog post at Sucuri