Thousands of sites hacked and infect visitors’ computers with malware
The other day it became known that a Hackers hacked several thousands of different sites by downloading malware to servers. It was done in order to infect the user PCs when they visited their compromised website. The hack campaign was carefully disguised, and was held at least a few months ago.
Most hacked sites are built on open seorse CMS as WordPress, Joomla and SquareSpace . Information about the incident was provided by the information security specialist Jerome Segura, from Malwarebytes. Hackers, he said, have done quite forethought. Infected sites showed visitors phishing messages about the need to install an update for Firefox, Chrome or Flash.
In order to avoid detection, each IP from which fake notifications were sent was used no more thanone time for one visitor. In addition, notification templates were downloaded to the server of hacked sites, so most of the data came from a “white” resource that was not entered into any of the phishing or otherwise dangerous addresses
Specialists from Malwarebytes could not determine exactly how many websites could compromise. Representatives of the company wrote a special spider script, which for certain signs “understood” the presence of infection and informed the creators about it. He, in particular, showed that hundreds of WordPress and Joomla sites are infected. You can also check for yourself on this simple request. There is an assumption that the campaign to spread the malware was launched no later than 20 December 2017. Attackers were able to infect resources whose servers or CMS were not updated.
The attack itself was very thought-out, and therefore attracted the attention of information security specialists. Attackers managed to deceive many security systems, which usually block this type of attack.