30K WordPress Blogs Infected With the Latest Malware Scam
alphadogg writes with an excerpt from an article over at Network World: "Almost 30,000 WordPress blogs have been infected in a new wave of attacks orchestrated by a cybercriminal gang whose primary goal is to distribute rogue antivirus software, researchers from security firm Websense say. The attacks have resulted in over 200,000 infected pages that redirect users to websites displaying fake antivirus scans. The latest compromises are part of a rogue antivirus distribution campaign that has been going on for months, the Websense researchers said."
Re:Analysis (Score:5, Informative)
From the fine article:
Many of the blogs compromised in these recent attacks were running outdated WordPress versions, had vulnerable plug-ins installed or had weak administrative passwords susceptible to brute force attacks, said David Dede, a security researcher with website integrity monitoring firm Sucuri Security. "It seems the attackers are trying everything lately."
Re:wordpress, again? (Score:4, Informative)
Some of that is Wordpress' fault for not having an easy way to run mass upgrades. My employer has 15 different sites running on Wordpress and the fact that I have to log in to each one manually after upgrading the files and click a link to handle the database update is annoying.
This drove me nuts at my current job for about 2 months - you need Wordpress Network [wordpress.org].
There's the easy way and the hard(er) way to do this:
This [wordpress.org] is the official easy way, but it's never worked for me (last tried in Spring of 2011). The nice thing is that it's all stuff built into WordPress, so you should be able to do it without any problems. I'd say it's probably worth giving this a try with one site, and if it works, run with it.
This [bavatuesdays.com] is a more down-and-dirty way that will definitely work, and is more or less how I did it. A little SQL editing never hurt anyone.
Also, this [sillybean.net] is a great companion to the bavatuesdays link. He goes on about his DNS in the first few paragraphs, but the second half of that post has some good details about where files need to be, and how links and such need to be updated.
Once you have a network, you have a fantastic "Update Network [wordpress.org]" button. Boom. Take the rest of the day off.
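The first thing the Sucuri quote above points at is installs left on old core versions, and the complaint in this post is that checking and updating many sites by hand does not scale. Below is an added example (not code from the thread, from WordPress or from WP-CLI) that inventories the core version of every install under a set of document roots and flags the ones behind a reference version. It assumes the stock layout, where each install carries wp-includes/version.php with a line of the form `$wp_version = '3.3.1';`; the reference version and the three sample installs are constructed here so the script runs offline. The update helper at the end assumes WP-CLI is installed as `wp`.

```shell
#!/bin/sh
# Added example: find WordPress installs that are behind a reference version.
# Assumes stock layout: <docroot>/wp-includes/version.php holds $wp_version.

# Print the core version recorded in one install, or "unknown" if the file
# is missing or carries no $wp_version line (not WordPress, or tampered with).
wp_version_of() {
    f="$1/wp-includes/version.php"
    v=""
    [ -r "$f" ] && v=$(grep '^\$wp_version' "$f" | head -n 1 | cut -d"'" -f2)
    echo "${v:-unknown}"
}

# Exit 0 if dotted version $1 is strictly older than $2 (numeric, per component).
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".");
        k = (n > m) ? n : m;
        for (i = 1; i <= k; i++) {
            xi = (i <= n) ? x[i] + 0 : 0;
            yi = (i <= m) ? y[i] + 0 : 0;
            if (xi < yi) exit 0;
            if (xi > yi) exit 1;
        }
        exit 1;
    }'
}

# usage: scan_wp_installs REFERENCE_VERSION DOCROOT...
# Prints one line per docroot; returns 1 if any install is outdated or unreadable.
scan_wp_installs() {
    ref="$1"; shift
    rc=0
    for root in "$@"; do
        v=$(wp_version_of "$root")
        if [ "$v" = unknown ]; then
            echo "$root: no readable wp-includes/version.php"
            rc=1
        elif version_lt "$v" "$ref"; then
            echo "$root: $v OUTDATED (reference $ref)"
            rc=1
        else
            echo "$root: $v ok"
        fi
    done
    return $rc
}

# The per-site "log in and click the database update link" step can be scripted
# with WP-CLI (assumed installed as `wp`); not run in this example.
update_wp_installs() {
    for root in "$@"; do
        (cd "$root" && wp core update && wp core update-db)
    done
}

# Constructed sample installs (not real sites) so the scan runs offline.
REFERENCE=3.3.1
SAMPLE=$(mktemp -d)
trap 'rm -rf "$SAMPLE"' EXIT
mkdir -p "$SAMPLE/blog-a/wp-includes" "$SAMPLE/blog-b/wp-includes" "$SAMPLE/static"
cat > "$SAMPLE/blog-a/wp-includes/version.php" <<'EOF'
<?php
$wp_version = '3.3.1';
EOF
cat > "$SAMPLE/blog-b/wp-includes/version.php" <<'EOF'
<?php
$wp_version = '3.2';
EOF

if scan_wp_installs "$REFERENCE" "$SAMPLE/blog-a" "$SAMPLE/blog-b" "$SAMPLE/static"; then
    echo "all installs at $REFERENCE"
else
    echo "some installs need attention"
fi
```

Run it against the real document roots with the current WordPress release as the reference; an install that reports "unknown" deserves a look as much as an outdated one, since version.php is something an attacker who has already written to the tree may have altered.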
Re:Its 2012 and yet still... (Score:4, Informative)
Are you an idiot? The article is talking about WORDPRESS - a web application! Windows isn't involved!
For Newbs: Steps to Fix (Score:5, Informative)
Most of my WP installs were infected because I am a slack ass. Here are the high level steps I took to solve the problem:
I may be missing something - again, I'm a slackass. Anyone else have other advice for our admin-challenged friends besides "get a real software package"?
By the way, I was trying to lock down one of my WP installs to only allow authed users access to posts. However, WP does not put the assets for posts - usually in wp-content/uploads - behind the auth wall. It's just out there for the whole world to see. It was a simple fix to rewrite the .htaccess config for this directory to redirect to an auth script, but it still shocks me how insecure this app is.