Polymorphic injection attack targets WordPress blogs. Security researchers have identified a sophisticated mass injection attack that uses polymorphic obfuscation and so far has targeted WordPress blogs at a U.S.-based hosting provider. According to a principal virus researcher at Sophos, the attacks began in the middle of November, and they all seem to affect Web sites running the popular blogging platform. Successful infection will result in one or several .php files being dropped on the Web server in multiple WordPress directories. However, despite the .php extension, these rogue files actually contain malicious JavaScript code obfuscated with a technique that makes every one unique. In the security world this is known as polymorphic code and is used to evade antivirus software and intrusion detection systems. The second step of the attack is to inject code in legit .js files used by WordPress, like the jQuery library, with the purpose of loading the .php files along with them. Finally, when the obfuscated JavaScript makes it onto the pages parsed by the visitors' browsers, it generates a hidden element. This element is meant to load malicious content from remote servers in an attempt to infect computers with malware.
Source: http://news.softpedia.com/news/Polymorphic-Injection-Attack-Targets-%20WordPress-Blogs-169953.shtml
No comments:
Post a Comment