The Latest in IT Security

284,000 WordPress sites hacked? Probably not.

06 Jun 2012

This Amazon order confirmation email is a fake.

Every link leads to malware. Every link (there are 8 in this example – similar to this attack) leads to a different compromised WordPress site, and all of them seem to be using one of the most common WordPress theme directories. Check out the links:

  • http://maximconsulting.us/wp-content/themes/twentyten/—e.html
  • http://hampsteadelectrician.com/wp-content/themes/twentyten/—e.html
  • http://mormonwomenvoices.com/wp-content/themes/twentyten/—e.html
  • http://steppingstones-online.co.uk/wp-content/themes/twentyten/—e.html
  • etc.

Notice a trend? The evil redirect HTML file (—e.html) is located in the “twentyten” theme directory on all of these sites, and on all of the sites we checked in every other version of the phony Amazon order. A Google search tells us that there are 284,000 sites with a similar structure.

Of course this does not indicate an issue with the theme itself. Chances are that the exploit that has allowed hackers to take over these sites is in a plugin or maybe (less likely) the CMS itself. Using the “twentyten” directory is a safe bet for a hacking script since almost every WordPress installation will have it.

The malware targets known Adobe Reader and Acrobat exploits.
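The link pattern described above (one message linking to the same theme-directory HTML file on many different hosts) can be checked for on the mail-filtering side. The following is an added example, not code from the original post; the function names, the `min_hosts` threshold, the file name `redirect.html` and the `.example` hosts are all assumptions made for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# A static .html file sitting directly inside a WordPress theme directory.
THEME_HTML = re.compile(r"^/wp-content/themes/([^/]+)/([^/]+\.html?)$", re.I)
HREF = re.compile(r"""href\s*=\s*["']([^"']+)["']""", re.I)

def theme_html_links(html_body):
    """Map (theme, filename) -> set of hosts linked from the message body."""
    hits = defaultdict(set)
    for url in HREF.findall(html_body):
        parts = urlsplit(url)
        match = THEME_HTML.match(parts.path)
        if match and parts.scheme in ("http", "https") and parts.hostname:
            key = (match.group(1).lower(), match.group(2).lower())
            hits[key].add(parts.hostname.lower())
    return hits

def suspicious_clusters(html_body, min_hosts=3):
    """Return theme files that the same message links to on several hosts.

    min_hosts is an assumed threshold: one such link can be legitimate,
    the same path on many unrelated sites is the pattern described above.
    """
    return {key: sorted(hosts)
            for key, hosts in theme_html_links(html_body).items()
            if len(hosts) >= min_hosts}

# Constructed sample bodies; hosts use the reserved .example TLD.
PHISH = """
<a href="http://shop-a.example/wp-content/themes/twentyten/redirect.html">Order details</a>
<a href="http://blog-b.example/wp-content/themes/twentyten/redirect.html">Your account</a>
<a href="http://site-c.example/wp-content/themes/twentyten/redirect.html">Help</a>
"""
LEGIT = """
<a href="https://store.example/orders/12345">Order details</a>
<a href="https://store.example/wp-content/themes/twentyten/readme.html">Theme notes</a>
"""

if __name__ == "__main__":
    for name, body in (("phish", PHISH), ("legit", LEGIT)):
        print(name, suspicious_clusters(body))
```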
