Thursday, 24 July 2014

Mass Exploit of WordPress Plugin Backdoors Websites Running Joomla, Magento, Too

As many as 50,000 websites have been remotely commandeered by attackers exploiting a recently patched vulnerability in a popular plugin for the WordPress content management system, security researchers said Wednesday. As »XoZeN« reported in early July, the vulnerability in 'MailPoet', a WordPress plugin with more than 1.7 million downloads, allows attackers to upload any file of their choice to vulnerable servers. In the 3 weeks since then, attackers have exploited the bug to install a backdoor on an estimated 30,000 to 50,000 websites, including some that don't even run WordPress software or that don't have 'MailPoet' enabled, according to Daniel Cid, CTO of security firm Sucuri. "To be clear, the MailPoet vulnerability is the entry point", he wrote in a blog post. "It doesn't mean your website has to have it enabled or that you have it on the website; if it resides on the server, in a neighboring website, it can still affect your website."




In an e-mail to »XoZeN«, he elaborated:


"The malware injection code is actually trying to compromise all PHP files that it can on the server. So if you have a site at /var/www/site1.com with MailPoet and another site at /var/www/site2.com without it, the malware injector from site1.com will try to compromise site2.com as well. We had a client that all his 20+ sites got injected, because one site inside the same shared account had MailPoet on it. That's why we were seeing Joomla and Magento sites with the same malware as well. Took us a bit of time to connect all the dots and find the entry point on them."




Sucuri researcher Peter Gramantik first reported the mass exploitation affecting WordPress on Tuesday. The injected malware installs a backdoor account that gives attackers full administrative control. It also injects backdoor code into all themes and core files. Making matters worse, the malicious code also overwrites valid files, a side effect that causes many sites to fall over and display the message: "Parse error: syntax error, unexpected ‘)’ in /home/user/public_html/site/wp-config.php on line 91". Cid has said that the only safe version of 'MailPoet' is the recently released v2.6.7, which should be installed immediately on all vulnerable servers. 'MailPoet' gives websites added abilities to create newsletters and automatically post notifications and responses.
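The shared-account scenario Cid describes can be triaged per account rather than per site. The following is an added example, not code from Sucuri or this post: it flags any 'MailPoet' install older than v2.6.7 and, if one exists, lists every site in the account with recently modified PHP files. The plugin path `wysija-newsletters/index.php`, the 1 July 2014 cutoff and the sample tree are assumptions constructed for illustration.

```python
import os, re, tempfile
from datetime import datetime
from pathlib import Path

FIXED = (2, 6, 7)  # the only safe MailPoet release, per the article
# Assumption: MailPoet 2.x lives under this plugin slug with its header in index.php.
PLUGIN_MAIN = Path("wp-content/plugins/wysija-newsletters/index.php")

def mailpoet_version(site):
    """Version tuple from the plugin header; None if the plugin is absent."""
    main = site / PLUGIN_MAIN
    if not main.is_file():
        return None
    m = re.search(r"^[ \t*]*Version:\s*(\d+(?:\.\d+)*)", main.read_text(errors="replace"), re.M | re.I)
    return tuple(map(int, m.group(1).split("."))) if m else (0,)  # unreadable header: treat as old

def audit_account(root, since):
    """Per site: MailPoet status and PHP files modified at or after `since` (epoch seconds)."""
    report = {}
    for site in sorted(p for p in Path(root).iterdir() if p.is_dir()):
        ver = mailpoet_version(site)
        changed = sorted(f.relative_to(site).as_posix() for f in site.rglob("*.php")
                         if f.is_file() and f.stat().st_mtime >= since)
        report[site.name] = {"vulnerable": ver is not None and ver < FIXED, "changed_php": changed}
    return report

def sites_to_review(report):
    """One vulnerable install puts every site in the account in scope, not just its own."""
    if not any(r["vulnerable"] for r in report.values()):
        return []
    return [name for name, r in report.items() if r["changed_php"]]

def make_sample(root):
    """Constructed tree: site1.com runs MailPoet 2.6.6, site2.com and site3.com have no plugin."""
    old, new = datetime(2014, 1, 1).timestamp(), datetime(2014, 7, 10).timestamp()
    files = {"site1.com/" + PLUGIN_MAIN.as_posix(): ("/*\nVersion: 2.6.6\n*/", old),
             "site1.com/wp-config.php": ("<?php // sample", new),
             "site2.com/index.php": ("<?php // sample", new),
             "site2.com/configuration.php": ("<?php // sample", old),
             "site3.com/index.php": ("<?php // sample", old)}
    for rel, (body, mtime) in files.items():
        path = Path(root) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(body)
        os.utime(path, (mtime, mtime))

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        make_sample(tmp)
        report = audit_account(tmp, datetime(2014, 7, 1).timestamp())
        print(sites_to_review(report), report)
```

Modification times can be reset by whoever controls the files, so an empty result narrows the search but does not clear a site; comparing files against known-good copies remains the stronger check.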




Info Source:

http://blog.sucuri.net/2014/07/malware-infection-breaking-wordpress-sites.html


