
SoylentNews is people

posted by hubie on Friday January 06, @07:35AM

WordPress Sites Under Attack From Newly Found Linux Trojan

Researchers who discovered the backdoor Linux malware say it may have been around for more than three years:

A newly identified Trojan backdoor program exploits some 30 vulnerabilities in WordPress plug-ins and themes in order to breach websites based on the WordPress content management system. It only needs to abuse one of those flaws to execute an attack.

Researchers from Doctor Web who discovered two iterations of the malware — dubbed Linux.BackDoor.WordPressExploit.1 and Linux.BackDoor.WordPressExploit.2 — said sites running outdated or unpatched versions of these WordPress tools are at risk of harboring malicious JavaScripts that redirect site visitors to nefarious websites, and should update those programs ASAP.

And here's a scary twist: "An analysis of an uncovered trojan application, performed by Doctor Web's specialists, revealed that it could be the malicious tool that cybercriminals have been using for more than three years to carry out such attacks and monetize the resale of traffic, or arbitrage," the researchers wrote about the malware, which targets 32-bit versions of Linux and also can run on 64-bit versions of the platform.

Hundreds of WordPress Sites Infected by Recently Discovered Backdoor

People who use WordPress should check their sites for unpatched plugins:

The Linux-based malware installs a backdoor that causes infected sites to redirect visitors to malicious sites, researchers from security firm Dr.Web said. It's also able to disable event logging, go into standby mode, and shut itself down. It gets installed by exploiting already-patched vulnerabilities in plugins that website owners use to add functionality like live chat or metrics-reporting to the core WordPress content management system.

"If sites use outdated versions of such add-ons, lacking crucial fixes, the targeted web pages are injected with malicious JavaScripts," Dr.Web researchers wrote. "As a result, when users click on any area of an attacked page, they are redirected to other sites."

Searches such as this one indicate that more than 1,300 sites contain the JavaScript that powers the backdoor. It's possible that some of those sites have removed the malicious code since the last scan. Still, it provides an indication of the reach of the malware.

[...] WordPress plugins have long been a common means for infecting sites. While the security of the main application is fairly robust, many plugins are riddled with vulnerabilities that can lead to infection. Criminals use infected sites to redirect visitors to sites used for phishing, ad fraud, and distributing malware.



  • (Score: 3, Interesting) by mcgrew (701) <publish@mcgrewbooks.com> on Friday January 06, @08:53PM (#1285552)

    The author's page on Goodreads requires RSS (wrote about it here [soylentnews.org]). It looked like the easiest way was to generate an XML file with WordPress. I've never liked code generators and have always done everything by hand, so I spent a few minutes learning how to write an XML file.

    Phew! Glad I followed my instincts!

    --
    Carbon, The only element in the known universe to ever gain sentience