A large number of websites WordPress violated the last two weeks due to the appearance of a new malicious software "Visitor Tracker". It is not the first time that websites based on WordPress content management system are targeted cybercriminals. Specifically, researchers at Sucuri Labs detected a new "campaign" Mission malware, the aim of which is the illegal access to as many devices visiting WordPress sites.
The campaign began about two weeks ago, but only the last two days it seems that contracted the Visitor Tracker over 5,000 websites.
The name given to the malware is "Visitor Tracker", as identified in the code they have written the cybercriminals a function javascript visitorTracker_isMob ().
This new campaign appears to use the Nuclear Exploit Kit is based on a combination of hacked WordPress websites, hidden iFrames and some widely known or unknown exploit browsers.
As the name implies, the software appears to identify those users visiting the hacked site WordPress and then redirect them to a false istostopous where "hides" the Nuclear Exploit Kit.
How exactly does the Visistor Tracker;
- Inserts malicious code in all JavaScript files that it finds on the hacked WordPress site.
- Once a user visits the page via iFrame opens in the browser of the site where it is stored Exploit Kit
- The Exploit Kit installed in the computer system of the victim and allows remote access cybercriminals to it through vulnerabilities in plugins.
The best method of treatment is to maintain back up and restore files to the point before the infection site, since Exploit Kit acts through the corruption of the plugin file content, topics or those in the core of WordPress and Joomla.
It has trouble my site?
To check, as an administrator, if your website has a problem, run the following command (with Admin rights):
grep -r "visitorTracker_isMob" / var / www /
As a precaution, make sure your plugins are updated with the latest security updates and followback up your critical data.
Aucun commentaire:
Enregistrer un commentaire