By - Jesse Emspak
Category - Wordpress Development
Source - http://www.msnbc.msn.com/
Your favorite blog got hacked. Worse, it infected the computers
of thousands of people who visited it.
Such a scenario played out earlier this year with the Flashback
Trojan, a piece of malware that used such "drive-by
downloads" to infect 600,000 Macs, mostly in English-speaking
countries, that had visited corrupted blog pages.
The Flashback outbreak got attention because it attacked rarely
infected Macs. But it was also the latest in a series of security
headaches for WordPress, one of the most popular blogging
platforms in use. Those Macs got infected by Flashback because
they'd visited WordPress-based blogs that had been rigged,
without the knowledge of their operators, to distribute malware.
Since it debuted in 2003, WordPress has become a favorite target
of hackers and cybercriminals. That's not all the fault of its
developers, and WordPress bloggers can take steps to avoid being
vulnerable.
Open source, but open to attack
Strictly speaking, WordPress is a free, easy-to-use content-management system and blogging
tool. The website WordPress.org hosts the software itself,
which anyone can download and use at no charge.
For those people who want to set up a blog but don't have much
technical expertise, there's WordPress.com, a commercial hosting
service similar to Google's Blogger that has both free and paid
options.
As a content-management system, WordPress is used on such
high-profile sites as CNN and TechCrunch.
WordPress software offers a lot of useful features, plus the
ability to run plug-ins to add even more functionality.
WordPress.com’s paid users get additional features not available
to the free users.
WordPress is not only free, but also open source, which means
anyone can look at the underlying programming code and create new
themes (the software that gives a site or blog its "look") or
plug-ins that anyone can use.
All these aspects make WordPress very popular. The CMS tracker
Builtwith estimates that it's used on at
least half of all websites. That popularity makes the platform
a big, juicy target for hackers and cybercriminals.
Since anyone can make themes and plug-ins, it’s not surprising
that fake or corrupted versions of those small pieces of software
are the two avenues hackers usually use to attack WordPress.
Anatomy of a WordPress attack
The Flashback Trojan started unsuccessfully in September 2011 as
a fake Adobe Flash update targeting Mac OS X.
By March 2012, Flashback had changed into a drive-by download
using a multi-stage infection process, which was later outlined
by Moscow-based security firm Kaspersky Lab.
First, thousands of bloggers, mostly in North America or Britain,
were duped into installing a free WordPress plug-in called
ToolsPack, which claimed to unlock features normally available
only to paid users.
ToolsPack was actually a Trojan that installed a "backdoor" on
WordPress sites — a secret way in that let the creators of
Flashback administer the blogs.
The second step was for the Flashback creators to install hidden
links on the blogs. Those links waited for Mac browsers to visit.
If one did, the third stage took place. The hidden links would
upload a second Trojan that exploited a security hole in the Java
programming language.
That Trojan installed itself not on the blogs, but on the
visiting Mac itself. It would quickly scan the Mac for anti-virus
software.
If it found none, it would activate the fourth step and download
and install the core Flashback malware.
The fifth and final step was for Flashback to hijack Mac-based
Web browsers’ search results and online ad links, redirecting
them to sites and ads that generated money for the criminals
controlling Flashback — part of a "click-fraud" or "clickjacking"
scam.
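For blog operators, the second step above is the one that shows up in a site's own pages. The following is an added example, not code from the article or from WordPress: a Python check that scans a page's HTML for off-site links and iframes a visitor cannot see. The article does not say how the links were hidden, so the heuristics (CSS hiding, the hidden attribute, zero-size iframes) and all names, hosts and the sample page are assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed notions of "hidden"; the article does not say how the links were concealed.
HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)
URL_ATTR = {"a": "href", "iframe": "src"}
VOID = {"area", "base", "br", "col", "embed", "hr", "img", "input", "link", "meta", "wbr"}

class HiddenLinkScanner(HTMLParser):
    """Collect off-site URLs on elements a visitor cannot see."""
    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host.lower()
        self.stack = []     # (tag, hidden?) for each open element
        self.findings = []  # (tag, url, reason)

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        own = bool(HIDDEN_STYLE.search(a.get("style", ""))) or "hidden" in a
        zero = tag == "iframe" and (a.get("width") in ("0", "1") or a.get("height") in ("0", "1"))
        inherited = any(hidden for _, hidden in self.stack)
        url = a.get(URL_ATTR.get(tag, ""), "")
        host = (urlparse(url).hostname or "").lower()
        offsite = bool(host) and host != self.site_host and not host.endswith("." + self.site_host)
        if offsite and (own or zero or inherited):
            reason = "zero-size iframe" if zero else "hidden element" if own else "inside hidden parent"
            self.findings.append((tag, url, reason))
        if tag not in VOID:  # void elements have no children and no end tag
            self.stack.append((tag, own or inherited))

    def handle_endtag(self, tag):
        # Pop back to the matching open tag so unclosed tags do not skew nesting.
        for i in range(len(self.stack) - 1, -1, -1):
            if self.stack[i][0] == tag:
                del self.stack[i:]
                break

def scan(html, site_host):
    scanner = HiddenLinkScanner(site_host)
    scanner.feed(html)
    return scanner.findings

# Constructed sample page: one visible off-site link, two concealed ones.
SAMPLE_PAGE = """<body><p>See <a href="https://partner.example/">a friend's site</a>.</p>
<div style="display: none"><a href="http://injected.invalid/landing">x</a></div>
<iframe src="http://injected.invalid/frame" width="0" height="0"></iframe></body>"""

if __name__ == "__main__":
    print(scan(SAMPLE_PAGE, "blog.example"))
```

A finding is a prompt to review the page and the plug-in or theme that generated it, not proof of compromise; legitimate widgets sometimes hide off-site elements too.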
Source - http://www.msnbc.msn.com/id/47680292
