A new malicious campaign has compromised over 15,000 WordPress websites in an attempt to redirect visitors to bogus Q&A portals.
"These malicious redirects appear to be designed to increase the authority of the attacker's sites for search engines," Sucuri researcher Ben Martin said in a report published last week, calling it a "clever black hat SEO trick."
The search engine poisoning technique is designed to promote a "handful of fake low quality Q&A sites" that share similar website-building templates and are operated by the same threat actor.
A notable aspect of the campaign is the ability of the hackers to modify over 100 files per website on average, an approach that contrasts dramatically from other attacks of this kind wherein only a limited number of files are tampered with to reduce footprint and escape detection.
Some of the most commonly infected pages consist of wp-signup.php, wp-cron.php, wp-links-opml.php, wp-settings.php, wp-comments-post.php, wp-mail.php, xmlrpc.php, wp-activate.php, wp-trackback.php, and wp-blog-header.php.
This extensive compromise allows the malware to execute the redirects to websites of the attacker's choice. It's worth pointing out that the redirects don't occur if the wordpress_logged_in cookie is present or if the current page is wp-login.php (i.e., the login page) so as to avoid raising suspicion.
The ultimate goal of the campaign is to "drive more traffic to their fake sites" and "boost the sites' authority using fake...
Read Full Story: https://news.google.com/__i/rss/rd/articles/CBMiTWh0dHBzOi8vdGhlaGFja2VybmV3cy5jb20vMjAyMi8xMS9vdmVyLTE1MDAwLXdvcmRwcmVzcy1zaXRlcy1jb21wcm9taXNlZC5odG1s0gFTaHR0cHM6Ly90aGVoYWNrZXJuZXdzLmNvbS8yMDIyLzExL292ZXItMTUwMDAtd29yZHByZXNzLXNpdGVzLWNvbXByb21pc2VkLmh0bWw_YW1wPTE?oc=5
Your content is great. However, if any of the content contained herein violates any rights of yours, including those of copyright, please contact us immediately by e-mail at media[@]kissrpr.com.
