Compromised websites remain one of the surefire ways to redirect innocent visitors to exploit kits. During the past few days we’ve started seeing an unusual route to the infamous Angler EK, notorious for leveraging hacked WordPress and Joomla CMSs.
A couple of weeks ago we blogged about an attack against WordPress sites initially discovered by Denis Sinegubko over at Sucuri. The campaign is still going on but quickly evolved, as reported by DeepEnd Research, with a change in its URL pattern from “/admedia/” to “/megaadvertize/”. According to our honeypot data, this change happened around Feb. 4th and […]