A new wave of attacks on websites running the WordPress content management system has led to 30,000 sites being hijacked by a cybercriminal gang.
According to NetworkWorld, the hijacked websites contain pages that redirect users to drive-by attack sites.
Researchers at Websense detailed the findings in a blog post.
Researchers from security firm Sucuri found that a rogue plug-in named ToolsPack (which is known to contain a backdoor used by attackers) was installed on many of the compromised sites, while others used weak passwords or were running outdated versions of WordPress.
Users running WordPress are strongly advised to use strong passwords, update to the latest version of WordPress, and to be wary of the plug-ins they install.
COMMENTS
SmartCompany is committed to hosting lively discussions. Help us keep the conversation useful, interesting and welcoming. We aim to publish comments quickly in the interest of promoting robust conversation, but we’re a small team and we deploy filters to protect against legal risk. Occasionally your comment may be held up while it is being reviewed, but we’re working as fast as we can to keep the conversation rolling.
The SmartCompany comment section is members-only content. Please subscribe to leave a comment.
The SmartCompany comment section is members-only content. Please login to leave a comment.