
Editor’s Pick: WordPress Rootkit Attack Infects Visitors

CSO Online article on TDSS rootkit attack

Hackers Infect WordPress

Hackers Infect WordPress 3.2.1 Blogs* to Distribute TDSS Rootkit

In a recent WordPress rootkit attack, hackers have infected blogs to distribute the notorious TDSS rootkit. In this article from “CSO Online,” Lucian Constantin describes how hackers are compromising WordPress 3.2.1 blogs* to infect visitors with the rootkit, according to researchers from Websense. It’s unclear just how the web sites are being compromised, but there are vulnerabilities that affect WordPress 3.2.1, an older version of the blog-publishing platform.

After gaining unauthorized access to a blog, hackers inject malicious JavaScript* code into the pages and load a Java exploit from a third-party server. Hackers are exploiting the Java vulnerability CVE-2011-3544 to install a version of the TDSS rootkit on the computers of those visiting the web site—and the number of infections is growing. According to Websense Principal Security Researcher Stephan Chenette, “The TDSS rootkit is one of the stealthiest rootkits in the wild. Its goal is to acquire total control of infected PCs and use them as zombies for its botnet.”

Read the original article by Lucian Constantin from January 31, 2012