WordPress Hacks Behind Surging Neutrino EK Traffic
msm1267 writes: More than 2,000 websites running WordPress have been compromised and are responsible for a surge this week in traffic from the Neutrino Exploit Kit. Attacks against sites running older versions of the content management system, 4.2 and earlier, were spotted by Zscaler. Those sites are backdoored and redirect a victim's browser through iframes to a landing page hosting the exploit kit where a Flash exploit awaits. The exploits generally target Internet Explorer, Zscaler said, and victims' computers are eventually infected with CryptoWall 3.0 ransomware. This analysis is in line with a similar report from the SANS Institute, which pointed the finger at a particular cybercrime group that had steered away from using the prolific Angler Exploit Kit and moved operations to Neutrino.
WordPress is a security problem
I know I'm going to catch flak for this.
WordPress and all of its plugins and themes are a huge target for hackers and reliably available online.
The main problem is that users don't regularly update, or rather that they can't in many cases.
That is, assuming the plugins are updated for security holes at all.
I wouldn't be surprised if hackers had databases of the exact versions, plugins and themes of millions of WordPress installations.
Just wait for a new public disclosure, replicate the exploit and attack the matching sites in your database.
They could have hundreds of freshly hacked WP sites every week.
These sites may only stay hacked for a few days or weeks, but it's simple economics.
Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
You only need this if you use WordPress on a public website of course...
Make sure to have an up-to-date WordPress install. That means that the current major version of 4.3 is okay, but also the minor security update of 4.2.4 (which is an update for 4.2), or even 3.7.10 (which is an update for 3.7).
Any major version before 3.7 is not supported and a security risk.
About plugins, only use plugins that are maintained, and use the latest version from the author.
If you use plugins that haven't had an update in a year or even in 2 years, check if the maintainer is still active, and plan to switch to something else.
If you use commercial plugins, stay away from illegal downloads. They will have malware inside them.
Only use commercial plugins in their current version, and keep them updated (which mostly means, pay your yearly fee).
If you are a developer that builds websites for customers, you will have customers that won't click on Update. You could consider offering a service where you update the software regularly for a reasonable fee.
Well, don't worry about that. We can get you back before you leave. (Dr. Who)
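The version rule in the comment above (4.3, 4.2.4 and 3.7.10 are fine, anything before 3.7 is unsupported) can be checked across a hosting tree. This is an added example, not part of the original comment; it assumes each install keeps its version in `wp-includes/version.php` as `$wp_version`, and it flags branches the comment does not name for manual review instead of guessing their patch level.

```python
import re
from pathlib import Path

# Minimum patched release per branch, taken only from the comment above.
MIN_PATCHED = {(3, 7): 10, (4, 2): 4, (4, 3): 0}
OLDEST_SUPPORTED = (3, 7)   # "any major version before 3.7 is not supported"
NEWEST_LISTED = (4, 3)

# wp-includes/version.php carries a line such as: $wp_version = '4.2.4';
VERSION_RE = re.compile(r"""\$wp_version\s*=\s*['"](\d+)\.(\d+)(?:\.(\d+))?[^'"]*['"]""")

def parse_wp_version(php_source):
    """Return (major, minor, patch) from version.php text, or None."""
    m = VERSION_RE.search(php_source)
    if m is None:
        return None
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)

def classify(version):
    """Map a parsed version to an action for the site owner."""
    if version is None:
        return "unknown"
    branch, patch = version[:2], version[2]
    if branch < OLDEST_SUPPORTED:
        return "unsupported"
    if branch > NEWEST_LISTED:
        return "newer-than-listed"
    if branch not in MIN_PATCHED:
        return "check-branch"          # branch not named in the comment
    return "ok" if patch >= MIN_PATCHED[branch] else "needs-update"

def audit_tree(root):
    """Classify every WordPress install found under a hosting root."""
    report = {}
    for vfile in sorted(Path(root).rglob("wp-includes/version.php")):
        text = vfile.read_text(errors="replace")
        report[str(vfile.parent.parent)] = classify(parse_wp_version(text))
    return report

# Constructed sample inputs (not taken from any real site).
SAMPLE = {"blog-a": "<?php\n$wp_version = '4.2.2';\n",
          "blog-b": "<?php\n$wp_version = '3.7.10';\n",
          "blog-c": "<?php\n$wp_version = '3.6.1';\n"}

if __name__ == "__main__":
    for name, src in SAMPLE.items():
        print(name, classify(parse_wp_version(src)))
```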
Can anyone here please share with us in what way we can protect ourselves from being infected with this malware/ransomware?
The summary notes that the criminals use a Flash exploit and target Internet Explorer. So, a good guess would be to uninstall Flash and stop using Internet Explorer. If that is too grand a step, you could go for a Flash block addon for your browser, so you get to choose if Flash is allowed to run.
The truth may be out there, but lies are inside your head