Compromised WordPress Sites Redirecting to Black Hole Exploit Kit Servers

The Black Hole exploit kit is really becoming a serious pain in the neck for people trying to use the Internet. At some point, it may become easier to start a list of the URLs that aren’t hosting the exploit kit, rather than the ones that are. For the time being, the latest entry in the latter category is a group of thousands of WordPress blogs that have been compromised and are now redirecting visitors to sites serving the Black Hole exploit kit.

The ongoing attack is using a combination of tactics to compromise the WordPress blogs. Researchers at Avast found that attackers have been using stolen or guessed FTP credentials on the servers that host the blogs in order upload a malicious PHP file. That file will download other malicious code. The attackers also are exploiting a known vulnerability in the TimThumb image resizing utility used on many blogs to upload the malicious code.

Once the code is on a compromised site, as visitors hit the site the code will generate iframes that will redirect users to a remote site that is hosting the Black Hole kit.



About raynhalfpint

Webster's defines addiction as "surrendering oneself to something obsessively or habitually."
This entry was posted in Uncategorized. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s