Lumension® Endpoint Intelligence Center

Intelligence Center » News Archive » Thousands of hijacked WordPress sites redirect users to exploit kits

Thousands of hijacked WordPress sites redirect users to exploit kits

2015/03/26

Securityweek - (International) Security researchers at Germany's Computer Emergency Response Team (CERT-Bund) discovered that at least 3,000 Web sites have been compromised by a local file inclusion (LFI) vulnerability in the Slider Revolution WordPress plugin that allows attackers to take control of sites by accessing and downloading files from the affected server. Many victims are directed to exploit kit landing pages including Angler and Fiesta which can inject various ransomware, fraud malware, and trojan malware into affected systems.

Source: http://www.securityweek.com/thousands-hijacked-wordpress-sites-redirect-users-exploit-kits

Note: This news synopsis is taken from the DHS Daily Open Source Infrastructure Report, a daily [Monday through Friday, except US Federal holidays] summary of open-source published information concerning significant critical infrastructure issues; a 10-day archive of the DOSIR can be found at: http://www.dhs.gov/dhs-daily-open-source-infrastructure-report.


Last Updated: 27 May 2016 10:23:51