Monday, April 12, 2010 12:59 PM cmosby

WordPress Blogs Suffer from a Mass Compromise – TrendLabs Malware Blog

Apr 11

2:43 pm (UTC-7)   |   by Jonathan Leopando (Technical Communications)

Mass compromises have not been in the news of late, but a new wave recently hit the headlines. According to news reports, users running the popular blogging platform WordPress have been hit with an attack that modifies a setting within the application that contains the URL of a blog.

In compromised sites, this setting is changed to point to a malicious website. This redirects all would-be blog readers to that website, which contains scripts leading to a malicious file detected by Trend Micro as TROJ_BUZUS.ZYX.
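A defender-side check for the setting change described above, as an added example that is not part of the original post. It assumes the blog URL is stored in WordPress's standard `siteurl` and `home` options (the post does not name the setting); the rows, the `ALLOWED` host and the `.test` domains are constructed placeholders.

```python
from urllib.parse import urlsplit

# Assumption: the blog URL lives in the standard wp_options rows named below.
URL_OPTIONS = ("siteurl", "home")

def option_host(value):
    """Return the hostname an option value points at, or None if unparseable."""
    value = value.strip()
    if "//" not in value:
        value = "//" + value  # parse a scheme-less value as host/path
    try:
        host = urlsplit(value).hostname
    except ValueError:
        return None
    return host.rstrip(".") if host else None

def audit_options(rows, allowed_hosts):
    """Return (name, value, reason) for each blog-URL option that is off-site."""
    allowed = {h.lower() for h in allowed_hosts}
    findings, seen = [], set()
    for name, value in rows:
        if name not in URL_OPTIONS:
            continue
        seen.add(name)
        host = option_host(value)
        if host is None:
            findings.append((name, value, "unparseable URL"))
        elif host not in allowed:  # exact match, so look-alike prefixes fail
            findings.append((name, value, "unexpected host " + host))
    findings += [(n, None, "option missing") for n in URL_OPTIONS if n not in seen]
    return findings

# Constructed sample rows (option_name, option_value); all domains are placeholders.
ALLOWED = {"blog.example.com"}
CLEAN = [("siteurl", "http://blog.example.com"),
         ("home", "http://Blog.Example.com:8080/"),
         ("blogname", "My Blog")]
TAMPERED = [("siteurl", "http://blog.example.com.redirect.test/js/"),
            ("home", "http://blog.example.com@redirect.test/"),
            ("blogname", "My Blog")]

if __name__ == "__main__":
    for label, rows in (("clean", CLEAN), ("tampered", TAMPERED)):
        for finding in audit_options(rows, ALLOWED):
            print(label, finding)
```

Comparing the parsed hostname exactly, rather than searching the value for the expected domain, is what flags both tampered rows even though each still contains the legitimate name.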

TROJ_BUZUS.ZYX, in turn, starts an infection chain that leads to various malware, including a rogue antivirus that was already detected by Trend Micro as TROJ_FAKEAV.ZZY.

It is not yet clear how this attack is being carried out. However, many of the affected blogs were hosted on Network Solutions, which stated on its own blog that it is aware of the issue. In addition, Network Solutions stated that it was investigating the issue and checking to see if a WordPress theme or plug-in was responsible.

This represents a change in the behavior of the BUZUS malware family, as traditionally it spreads via instant-messaging programs, as documented in two separate posts here in the Malware Blog:

Trend Micro™ Smart Protection Network™ protects users from these threats by blocking the malicious website used in this attack as well as by detecting and removing associated malware like TROJ_BUZUS.ZYX and TROJ_FAKEAV.ZZY.

Read more: http://blog.trendmicro.com/wordpress-blogs-suffer-mass-compromise/#ixzz0kuTojFLf
