Security experts are warning webmasters over a series of attacks targeting the WordPress and Joomla publishing platforms.
The Sans Institute said that it has received reports of multiple exploit attempts on the platforms. The compromised sites are then injected with code which redirects to a third-party site.
John Bambenek, Sans blogger and president of security firm Bambenek Consulting, said that the attacks were particularly interesting for their method of attempting to exploit pages en masse by targeting servers.
"The interesting thing to note is that it doesn't seem to be a scanner exploiting one vulnerability but some tool that's basically firing a bunch of Joomla and Wordpress exploits at a given server and hoping something hits," he explained.
Sans said that the compromised sites are used to redirect users to an attack site which tries to infect users with a phony antivirus package. Such payloads are often used to trick users into paying for "registration fees" and other fraudulent charges.
Webmasters and administrators are being advised to update their software to avoid an infection.
"Mediation is your typical advice, make sure all your software is up-to-date and kept that way on a regular basis," Bambenek said.
Wordpress has previously been the target of malware attacks. Cybercriminals have targeted the publishing platform as a means of embedding attack code in pages which can then be used to redirect visitors to third-party attack sites.