30K WordPress Blogs Infected With the Latest Malware Scam

alphadogg writes with an excerpt from an article over at Network World: "Almost 30,000 WordPress blogs have been infected in a new wave of attacks orchestrated by a cybercriminal gang whose primary goal is to distribute rogue antivirus software, researchers from security firm Websense say. The attacks have resulted in over 200,000 infected pages that redirect users to websites displaying fake antivirus scans. The latest compromises are part of a rogue antivirus distribution campaign that has been going on for months, the Websense researchers said."

Specialist ISP of Transnistria.. again.

[Dynamoo]

It looks like the first step in the infection is via an IP (194.28.114.103) belonging to Specialist ISP of Transnistria. That has featured before on Slashdot in this story.

The block 194.28.112.0/22 is simply all evil (I've documented it here in the past), there's no reason to send traffic to it at all, blocking it is a good option.

Re:wordpress, again?

[gmack]

Some of that is Wordpress' fault for not having an easy way to run mass upgrades. My employer has 15 different sites running on Wordpress and the fact that I have to log in to each one manually after upgrading the files and click a link to handle the database update is annoying.

Re:Why bother with an infector?

[DigiShaman]

Agreed. The best form of hacking isn't technical, it's social. This is what happens when con artists turn to technology as another venue by which to exploit people.