Joomla And WordPress Bulk Exploit serving Fake Antivirus Malware

Dec 11, 2012

Many Joomla and some WordPress sites have been exploited and are hosting IFRAMEs pointing to bad places:

Fake antivirus threats display a fraudulent scanning result to intimidate users into “purchasing” the fake antivirus program. WordPress and Joomla exploits have existed for years, and cybercriminals have been exploiting them for a long time. Yet the situation may have gotten slightly more serious of late, as there appears to be a bulk exploit tool in use in the wild that targets sites running both popular content management systems and makes them serve up fake antivirus malware to visitors.

The biggest pain is for Joomla users, particularly with extensions, which greatly increase the vulnerability footprint. The one thing helping WordPress is the really nice feature of 1-button upgrades (and upgrades which don't tend to break your website).

The IFRAMEs seem to use rapidly changing FQDNs, but the common element is /nightend.cgi?8.  Two of the bad IPs that seem to be frequent offenders are and  Ultimately it pulls FakeAV software to do its badness.

In other words, if you use WordPress or Joomla, get on the latest version as soon as possible. It’s unclear how widespread this attack is, but there is no excuse for using an insecure release of your content management system.

Make sure all your software is up-to-date and kept that way on a regular basis.
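
To check a site for the injected IFRAMEs described above, the following is an added example (not code from the original post) that scans a web root for iframe sources ending in /nightend.cgi on any host. The function names, the file-extension list, and the `.example` hosts in the sample are assumptions made for illustration; it matches on the path with any query string, and it will not see injections that are encoded or otherwise obfuscated.

```python
import os
import re
from urllib.parse import urlsplit

# Indicator from the post: the host keeps changing, the path does not.
IOC_PATH = "/nightend.cgi"

# Regex rather than an HTML parser, so iframes sitting inside PHP echo
# statements or JavaScript strings in raw source files are still seen.
IFRAME_SRC = re.compile(
    r'<iframe\b[^>]*?\bsrc\s*=\s*\\?["\']?([^"\'\s>\\]+)', re.IGNORECASE)

def find_injected_iframes(text):
    """Return (host, src) for every iframe whose path matches the indicator."""
    hits = []
    for src in IFRAME_SRC.findall(text):
        try:
            parts = urlsplit(src)
        except ValueError:          # malformed URL, nothing to compare
            continue
        if parts.path.lower().endswith(IOC_PATH):
            hits.append((parts.hostname or "", src))
    return hits

def scan_webroot(root, extensions=(".php", ".html", ".htm", ".js", ".tpl")):
    """Walk a CMS document root; return {file path: [(host, src), ...]}."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(extensions):
                continue
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                hits = find_injected_iframes(fh.read())
            if hits:
                findings[path] = hits
    return findings

# Constructed sample: two injected iframes on different hosts, one benign embed.
SAMPLE = """<html><body>
<iframe src="http://a1.example/nightend.cgi?8" width="1" height="1"></iframe>
<?php echo '<IFRAME SRC="http://zz9.example/nightend.cgi?8"></IFRAME>'; ?>
<iframe src="https://video.example/embed/42"></iframe>
</body></html>"""

if __name__ == "__main__":
    for host, src in find_injected_iframes(SAMPLE):
        print(f"suspicious iframe -> host={host} src={src}")
```

Any file this reports should be compared against a clean copy of the CMS or extension it belongs to, since the iframe is a symptom of the compromise and not its cause.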