It was only a matter of time before computer hackers figured out a way to infect WordPress – a popular blogging platform. Computers security experts are still not sure how the websites are being compromised, but there are publicly known exploits for vulnerabilities that affect WordPress 3.2.1. If you have not updated to the most recent WordPress Installation, please update as soon as possible by going to the WordPress Update Center.
According to the Security analysts, once they gain unauthorized access to a blog, the attackers inject malicious JavaScript code into its pages in order to load a Java exploit from a third-party server. This javascrictp loads and installs the TDSS Rootkit, which is one of the stealthiest rootkits in the wild, Chenette, a security annalist said. “Its goal is to acquire total control of infected PCs and use them as zombies for its botnet.”
The CVE-2011-3544 vulnerability started being targeted by most exploit toolkits in December 2001. These attack frameworks usually contain exploits for vulnerabilities in several software products like Adobe Reader, Flash Player and Java.
According to M86 security researcher Daniel Chechik, the people behind these attacks are luring victims to the infected websites by sending them spam emails that contain malicious links. The fact that these links lead to legitimate blogs helps attackers bypass URL reputation filters, Chechik said in a blog post on Monday.
It’s not clear if the attacks analyzed by M86 Security and Websense are perpetrated by the same gang, but since they both target WordPress 3.2.1 blogs, webmasters are urged to upgrade to the latest version of WordPress, which at this time is 3.3.1.
In order to protect themselves from exploits, Web users should keep the software installed on their computers up to date, especially their OS, browser and browser plug-ins.
