This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. > Find out more here
All the latest UK technology news, reviews and analysis
|
|
Security firm Avast is advising webmasters to scan sites and update log-in credentials following the discovery of a malware attack targeting the WordPress publishing platform.
The attack exploits a vulnerability in an image plug-in for WordPress, allowing an attacker to access a site and use the platform to distribute malware payloads and harvest FTP log-in credentials for users and administrators.
Jan Sirmer, senior virus lab researcher at Avast, said that a flaw in the TimThumb image plug-in allows the attackers to infect sites running WordPress with a malicious PHP file.
The attack is believed to be conducted through a commercially available toolkit called BlackHole, and redirect users to sites that attempt to install malware.
Sirmer warned that in some cases the attack had gone unnoticed by administrators because the sites were hosted by third-party service providers.
Avast urged administrators to scan their own systems, and to visit their sites with PCs running anti-virus software to detect possible infections on hosted pages.
"WordPress is not immune to exploitation, a fact driven by its overall popularity and the wide number of available versions," Sirmer said.
"Stronger log-in and password keys, alone or together with two-factor authentication, are options that system administrators should use when working with third-party IT managers."
V3 pits top devices against one another ahead of Samsung Galaxy S4 launch
The clock is ticking for Postini users that don't want to move their email management to Google Apps.
Build great digital experiences at the speed of the web
Keep up to date with the latest products, services and technologies from the world's leading IT companies. IThound.com brings you over 2,000 white papers, case studies and analyst reports.
