For quite some time now,
criminals have been running a blackhat SEO operation, threatening
WordPress, Drupal and Joomla website users with a hidden backdoor
Trojan that ties into the original web server in support of their
campaigns.
Website
administrators have been tricked by the attackers into installing
malware-laden, pirated themes and other plug-ins offered free of
charge. Once the malware, CryptoPHP, is dropped on the server, the
attackers are able to establish control of the server, according to
Fox-IT, a highly professional security services firm based in the
Netherlands.
Approximately 23,000
websites have been affected by CryptoPHP, and many of them are hosted
in the United States, according to statistics released Wednesday by
Fox-IT. In reality, more websites have been affected, owing to infected
web servers, the firm’s security researchers said.
Various security industry
researchers are checking malicious domains spreading CryptoPHP and
getting them taken down, but the authors behind the threat instantly
rebound with a new variant to continue to widen their botnet of
infected servers, Fox-IT said.
The name
CryptoPHP originates from its use of public key encryption to protect
data from security analysts, which makes it quite challenging to
determine statistics about the infected platforms. To identify
CryptoPHP on servers, Fox-IT has published two Python scripts and
offered instructions on how to remove the malware. Ultimately, the
company recommends that administrators conduct a full reinstall of
their content management systems.
The company said in its
analysis of CryptoPHP, “We do, however, recommend performing a
complete reinstall of your CMS since the system integrity may have
been compromised. An attacker may have gained systemwide access, for
example.”
Moreover, website content
management systems and their components are often targeted by
attackers, who prey on administrators who fail to apply security
updates, according to Fox-IT and other solution providers.
Widely used plug-ins and
platforms are updated frequently to patch software-coding faults
and other weaknesses. Brute-force attacks against administrator
logins are also frequently conducted, and the company advises all
administrators to make sure that strong passwords are used and
rotated.
Important security
updates were issued by Drupal in October and November, repairing a
serious SQL injection vulnerability and various errors that can be
used in session hijacking and denial-of-service attacks. Joomla also
issued a security update in September, addressing a fault that could
be used to conduct a denial-of-service attack.
On 20th
November, WordPress developers also issued version 4.0.1, which
addresses a number of important cross-site scripting (XSS)
vulnerabilities. It also addresses a fault that can be used to conduct
cross-site request forgery, allowing an attacker to issue malicious
commands to web applications.
Klikki Oy, a professional security
services provider in Finland, discovered the XSS flaws and said that
56% of all WordPress websites are affected by the vulnerabilities. A
successful exploit can give an attacker the capability to take full
control of the web server, change the administrator password and
create a new administrator account, the company said.