The Latest in IT Security

WordPress Compromise Campaign: From Nuclear EK To Angler EK

18
Feb
2016
WordPress Compromise Campaign: From Nuclear EK To Angler EK

wpress11

A couple of weeks ago we blogged about an attack against WordPress sites initially discovered by Denis Sinegubko over at Sucuri. The campaign is still going on but quickly evolved, as reported by DeepEnd Research, with a change in its URL pattern from “/admedia/” to “/megaadvertize/”.

According to our honeypot data, this change happened around Feb. 4th and has been active as it ever since. Besides some pattern changes in the URL, the redirection mechanism is different from the initial campaign as well as its payload. Indeed the Admedia campaign was pushing the Nuclear exploit kit whereas this one is delivering Angler.

Read More

Leave a reply


Categories

THURSDAY, NOVEMBER 23, 2017

Featured

Archives

Latest Comments

Social Networks