Some 50,000 sites have been sprayed with backdoors from shonky
malware targeting a popular and vulnerable WordPress plugin, according
to researcher Daniel Cid.
Sucuri founder Cid says the bodged
malware can infect any site that resides on the server of a hacked
WordPress website. The flawed plugin allowed attackers to "inject
anything" into sites including malware, defacements and spam.
"The malware code had some bugs: it was breaking many websites,
overwriting good files and appending various statements in loops at the
end of files," Cid said in a blog.
"All the hacked sites were either using MailPoet or had it installed on another sites within the same shared account -- cross-contamination still matters.
"To
be clear, the MailPoet vulnerability is the entry point, it doesn't
mean your website has to have it enabled or that you have it on the
website; if it resides on the server, in a neighbouring website, it can
still affect your website."
Cid urged WordPress sites to update their vulnerable plugins.
Admins
could look for an obvious sign of infection with the error: "Parse
error: syntax error, unexpected ‘)’ in
/home/user/public_html/site/wp-config.php on line 91". More technical
detail was available on the Sucuri blog.
No comments:
Post a Comment