WordPress Hacks Behind Surging Neutrino EK Traffic

msm1267 writes: More than 2,000 websites running WordPress have been compromised and are responsible for a surge this week in traffic from the Neutrino Exploit Kit. Attacks against sites running older versions of the content management system, 4.2 and earlier, were spotted by Zscaler. Those sites are backdoored and redirect a victim's browser through iframes to a landing page hosting the exploit kit where a Flash exploit awaits. The exploits generally target Internet Explorer, Zscaler said, and victims' computers are eventually infected with CryptoWall 3.0 ransomware. This analysis is in line with a similar report from the SANS Institute, which pointed the finger at a particular cybercrime group that had steered away from using the prolific Angler Exploit Kit and moved operations to Neutrino.

Re:WordPress is a security problem

The main problem is that users don't regularly update

That's victim blaming. The actual problem is that practically all software is shit. As an industry, we make almost exclusively defective products. And I don't mean the inevitable bug that escaped despite diligent design, careful implementation and thorough quality management. I mean that software is generally so shoddy that we wouldn't let people live in it if it were a house. Software that is at best in prototype stage is foisted on end users, and then we have the gall to blame people for not updating.