Security experts are warning webmasters over a series of attacks targeting the WordPress and Joomla publishing platforms.
The Sans Institute said that it has received reports of multiple exploit attempts on the platforms. The compromised sites are then injected with code which redirects to a third-party site.
John Bambenek, Sans blogger and president of security firm Bambenek Consulting, said that the attacks were particularly interesting for their method of attempting to exploit pages en masse by targeting servers.
"The interesting thing to note is that it doesn't seem to be a scanner exploiting one vulnerability but some tool that's basically firing a bunch of Joomla and Wordpress exploits at a given server and hoping something hits," he explained.
Sans said that the compromised sites are used to redirect users to an attack site which tries to infect users with a phony antivirus package. Such payloads are often used to trick users into paying for "registration fees" and other fraudulent charges.
Webmasters and administrators are being advised to update their software to avoid an infection.
"Mediation is your typical advice, make sure all your software is up-to-date and kept that way on a regular basis," Bambenek said.
Wordpress has previously been the target of malware attacks. Cybercriminals have targeted the publishing platform as a means of embedding attack code in pages which can then be used to redirect visitors to third-party attack sites.
IBM and Technical University of Munich team demonstrate how Shor's algorithm, which can't be cracked by conventional computers, can be solved quickly with quantum computing
Hubble Space Telescope finds superflares from young red dwarfs could strip away planetary atmosphere
Younger stars are 100 to 1,000 times more energetic than when they're older
Two of the big four supermarkets will use the system to control sales of restricted products
PUBG news and updates: November's Update #23 to bring new Skorpion pistol and changes to blue zone visibility
Genuinely useful side-arm coming to PUBG in Update #23