Now Reading
Hijacked WordPress Websites Infect Visitors with Malware

Hijacked WordPress Websites Infect Visitors with Malware

by Ali RazaSeptember 18, 2015

Thousands of websites that run the content management system WordPress have been hijacked by hackers to infect unsuspecting visitors with malware exploits. Although the entire campaign was initiated 15 days ago, its activity has increased tremendously in the past 2 days, as the number of websites being hijacked per day increased from 1000 to 6000.

The purpose of hijacking these websites is to use them as relays to redirect any visitor to a server which hosts an attacking code that is provided by the Nuclear Exploit Kit. The method used to exploit this vulnerability to cause damage to the user’s system and data depends on the operating system as well as the apps that are installed on the system.

Daniel Cid (Sucuri’s CTO) said:

If you think about it, the compromised websites are just means for the criminals to get access to as many endpoint desktops as they can. What’s the easiest way to reach out to endpoints? Websites, of course.

The attackers, according to the report by Sucuri, exploit vulnerabilities in the plugins of WordPress, but this claim has not been confirmed.

Google has launched a service that blacklists the compromised websites and warns users before they visit them. 17% of the websites infected by the campaign have already been blacklisted. One stunning piece of information is that the attackers have managed to gain access of Coverity, a security provider, and are using it for their redirection mechanism.

The detailed report by Sucuri highlights all the details of the VisitorTracker campaign as it has been named by the website due to a function in the javascript file called visitorTracker_isMob().

They advise WordPress users to keep all their plugins updated in order to prevent themselves from being attacked by this malicious campaign. The report also provides website owners a Sucuri scanning tool to check whether their website has been affected by the VisitorTracker campaign.

Image from Shutterstock. 

Advertised sites are not endorsed by us. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
What's your reaction?
Love it
Hate it
  • P. H. Madore

    I’ve been saying this for years. Don’t use a CMS unless you have to! Eventually bugs like these, which affect millions of people, ,are bound to happen. I bet this won’t be the last time, either.