Infected WordPress Sites Connected to Trojans on Approx. 700,000 Macs
Aileen Javier   – April 27, 2013
3 Comments

Infected WordPress Sites Connected to Trojans on Approx. 700,000 Macs


According to security software firm Kapersky, the recent Apple Mac Flashback Trojan that made such a splash in the news recently can most likely trace its roots back to infected WordPress sites.

Alexander Gostev from the Kaspersky Lab Global Research and Analysis Team explains how compromised WordPress sites were used to infect Macs, “From September 2011 to February 2012, Flashfake was distributed using social engineering only: visitors to various websites were asked to download a fake Adobe Flash Player update. It meant the Trojan was being distributed as installation archives named ‘FlashPlayer-11-macos.pkg,’ ‘AdobeFlashUpdate.pkg,’ etc.”

According to Gostev, in March 2012 approximately 700,000 computers worldwide were infected with the Trojan. He says, “The infected computers are combined in a botnet which enables cybercriminals to install additional malicious modules on them at will. One of these modules is known to generate fake search engine results. It is quite possible that, in addition to intercepting search engine traffic, cybercriminals could upload other malicious modules to infected computers – e.g. for data theft or spam distribution.”

FREE EBOOK
Your step-by-step roadmap to a profitable web dev business. From landing more clients to scaling like crazy.

By downloading this ebook I consent to occasionally receive emails from WPMU DEV.
We keep your email 100% private and do not spam.

FREE EBOOK
Plan, build, and launch your next WP site without a hitch. Our checklist makes the process easy and repeatable.

By downloading this ebook I consent to occasionally receive emails from WPMU DEV.
We keep your email 100% private and do not spam.

As we reported last month, the internet security firm Sucuri stated that in the cases they analyzed, the infected sites were either running an outdated version of WordPress or a vulnerable plugin. Attackers were also said to be gaining entrance to sites via weak passwords.

(If you would like to test your site for hacks and malware, Sucuri has an easy to use site-checker.)

In somewhat related news (though not directly related to this situation), WordPress has just released WordPress 3.3.2 – which is a SECURITY release. In other words, the new version has important security updates. You would be wise to update your site as soon as possible.

Photo: Cute_Worm_In_Apple from BigStock

Tags: