30K WordPress Blogs Infected With the Latest Malware Scam

alphadogg writes with an excerpt from an article over at Network World: "Almost 30,000 WordPress blogs have been infected in a new wave of attacks orchestrated by a cybercriminal gang whose primary goal is to distribute rogue antivirus software, researchers from security firm Websense say. The attacks have resulted in over 200,000 infected pages that redirect users to websites displaying fake antivirus scans. The latest compromises are part of a rogue antivirus distribution campaign that has been going on for months, the Websense researchers said."

Specialist ISP of Transnistria.. again.

[Dynamoo]

It looks like the first step in the infection is via an IP (194.28.114.103) belonging to Specialist ISP of Transnistria. That has featured before on Slashdot in this story.

The block 194.28.112.0/22 is simply all evil (I've documented it here in the past), there's no reason to send traffic to it at all, blocking it is a good option.