
Huge ad scam campaign affects thousands of users visiting WordPress sites


February 3, 2016

Security threat researcher Denis Sinegubko says that a huge advertising scam campaign is affecting thousands of users visiting WordPress sites.

He says the scam is injecting several backdoors and constantly re-infecting websites.

The prolific virus-destroyer says that the malware writers are injecting code into all JavaScript files on the targeted WordPress sites.

The scam campaign also appears to be intensifying. Sinegubko says first-time visitors will get a cookie that generates fraudulent advertising income for VXers.

"This past weekend alone, we registered a big spike in WordPress infections where hackers injected encrypted code at the end of all legitimate .js files," Sinegubko added.

"The work appears to be well targeted in scope. This malware uploads multiple backdoors into various locations on the web server and frequently updates the injected code over and over," he said.

"This is why many webmasters are experiencing constant re-infections post-cleanup of their .js files," he asserted.

Sinegubko says the malware will infect all accessible .js files across all domains located on the same hosting account, in what is known as cross-site contamination.

"It’s not enough to clean just one site or all but one. An abandoned site will be the source of the reinfection," he warned.

"In other words, you either need to isolate every site or clean/update/protect all of them at the same time," he added.

The malware uses encrypted code which mutates between sites but decrypts into the same structure, adding to the challenge.

It sets an advertising cookie on infected machines, which will inject invisible iframes into sites over a 24-hour period.

Sinegubko asserted that the malware uses domain shadowing, a favourite VXer trick in which malicious subdomains are added to legitimate second-level domains after gaining access to specific DNS records.
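Since the injected code mutates between sites, the check below compares every .js file on a hosting account against a known-clean baseline rather than matching the code itself, and flags files whose original bytes are intact but have extra bytes at the end. It is an added example, not code from Sinegubko's report; the directory layout, file names and status labels are assumptions, and the sample account is constructed.

```python
import hashlib
import tempfile
from pathlib import Path

def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def js_files(account_root: Path):
    """Yield (relative posix path, bytes) for every .js file under every site."""
    for path in sorted(account_root.rglob("*.js")):
        yield path.relative_to(account_root).as_posix(), path.read_bytes()

def build_baseline(account_root: Path) -> dict:
    """Record size and SHA-256 of each .js file while the account is known clean."""
    return {rel: (len(data), digest(data)) for rel, data in js_files(account_root)}

def audit(account_root: Path, baseline: dict) -> dict:
    """Group changed .js files by site (top-level directory) with a status."""
    findings = {}
    for rel, data in js_files(account_root):
        if rel not in baseline:
            status = "new"
        else:
            size, known = baseline[rel]
            if digest(data) == known:
                continue  # unchanged since the baseline
            # Original bytes intact with extra bytes after them: code added at the end.
            intact_prefix = len(data) > size and digest(data[:size]) == known
            status = "appended" if intact_prefix else "modified"
        findings.setdefault(rel.split("/")[0], []).append((rel, status))
    return findings

def demo() -> dict:
    """Constructed three-site account; file names and contents are made up."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        files = {"active-site/js/menu.js": b"function menu(){}\n",
                 "abandoned-site/js/old.js": b"var legacy = 1;\n",
                 "shop-site/js/cart.js": b"function cart(){}\n"}
        for rel, body in files.items():
            (root / rel).parent.mkdir(parents=True)
            (root / rel).write_bytes(body)
        baseline = build_baseline(root)
        for rel in ("active-site/js/menu.js", "abandoned-site/js/old.js"):
            with open(root / rel, "ab") as fh:  # inert stand-in for injected code
                fh.write(b"/* constructed trailing bytes */\n")
        (root / "shop-site/js/cart.js").write_bytes(b"function cart(){return 1}\n")
        return audit(root, baseline)
```

Running the audit over the whole account rather than one docroot is what surfaces an abandoned site that still carries the appended code.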

Source: Denis Sinegubko.

Copyright © Internet Security.ca