Report: New Malware Campaign Targeting Vulnerable WordPress Plugins

Forum Moderators: rogerd & travelin cat

Message Too Old, No Replies

Report: New Malware Campaign Targeting Vulnerable WordPress Plugins

Potential Google penatly

engine

2:38 pm on Sep 18, 2015 (gmt 0)

This looks a worrying development just getting under way, and as ever, the advice is make sure you have kept your WordPress files and plugins updated, or potentially, suffer from infecting users and their wrath, and immediately getting a Google penalty.

We are seeing a large number of WordPress sites compromised with the “visitorTracker_isMob” malware code. This campaign started 15 days ago, but only in the last few days have we started to see it gain traction; really affecting a large number of sites. Report: New Malware Campaign Targeting Vulnerable WordPress Plugins [blog.sucuri.net]

We detected thousands of sites compromised with this malware just today and 95% of them are using WordPress. We do not have a specific entry point determined yet, but it seems to be a campaign targeting latest vulnerabilities in plugins. Out of all the sites we detected to be compromised, 17% of them already got blacklisted by Google and other popular blacklists.

not2easy

7:32 pm on Sep 19, 2015 (gmt 0)

If people are not sure about which plugins are vulnerable - not specifically for this particular malware but for any vulnerability issues - you can look up the plugins you are concerned about at the WP security scan site: [wpvulndb.com...]

Leosghost

7:43 pm on Sep 19, 2015 (gmt 0)

WordPress..the more you add to it..the weaker it gets..

bwnbwn

7:44 pm on Sep 19, 2015 (gmt 0)

well hell not2easy there looks to be 1600 of them and a large amount have been added recently. Looks like there is going to be a big wordpress wacking. This is exactly why I don't have use for wordpress just to much crap associated with using this CMS.
And Leosghost the slower it gets.

Leosghost

8:02 pm on Sep 19, 2015 (gmt 0)

The amazing thing is how many sites that use it , don't need to use either it or the add ons, they are small enough not to need a CMS, they use no comments, would be fine as just flat files ..

not2easy

9:10 pm on Sep 19, 2015 (gmt 0)

The amazing thing is how many sites that use it , don't need to use either it or the add ons, they are small enough not to need a CMS, they use no comments, would be fine as just flat files ..

Ahh, but that would require some learning.

WP itself is not the target (other than login attempts) and with a few basic settings and edits, it can be secure. It is the bells and whistles plugins that people add to their poorly secured installs that make that list so long. Many plugins only perform some cosmetic task that could be easily assigned to css. The number of people who don't get rid of the Admin as a privileged user is surprising as is the use of 'password' because it is easy to remember. No kidding. Some very simple and basic security steps are being skipped over. I am happy to see that WP has decided to make information widely available.

Leosghost

10:07 pm on Sep 19, 2015 (gmt 0)

Many plugins only perform some cosmetic task that could be easily assigned to css.

Yes..f'rinstance.."slide shows"..easily done, even "responsive" in pure CSS..or js and CSS for "older browsers".. the things on that list of plugins that could be done in a less ( or not at all ) vulnerable way..and I only looked at the first 10 pages..and then there is that when WP "update" the base or some plugin updates and affects others..it can all break and or become even more vulnerable..Oy!

Trouble magnet it is..