When a WordPress Plugin Goes Bad

Update March 7: The WordPress Directory team investigated and mitigated this issue by disconnecting the wooranker account from all plugins, reverting malicious changes in the CCTM plugin, and changing the version to 0.9.8.9. WordPress should automatically update to this new clean version.

If your site was compromised during the timeframe while the backdoored version (0.9.8.8) was installed, updating to 0.9.8.9 is not enough to clean the site; please check the Mitigation section at the end of this blog post.

Last summer we shared a story about the SweetCaptcha WordPress plugin injecting ads and causing malvertising problems for websites that leveraged the plugin. When this plugin was removed from the official WordPress Plugin directory, the authors revived another WordPress account with a long abandoned plugin and uploaded SweetCaptcha as a “new version” of that plugin.

At the end of the SweetCaptcha saga, we gave this warning:

It’s quite a common scenario when criminals try to hijack or buy developer accounts of legitimate applications, or pay their developers to add some malicious code into their software, so some benign plugin or application may turn bad after an update — the only thing that protects you is the author reputation and the security screening and approval process in the repository.

This time we'll tell you about another plugin that turned bad after an update.

Behind the Malware – Botnet Analysis

Revslider new vulnerability with IRC Botnet

While analyzing our website firewall logs we discovered an old vulnerability being retargeted in RevSlider, a popular WordPress plugin. In 2014 / 2015, this led to massive website compromises. Now it's being leveraged again in a new attempt to infect

Investigating a Compromised Server with Rootcheck

What do you do if you suspect your server (VPS or dedicated) has been compromised? If you are a customer, you have the option to leverage our team to perform the incident response on your behalf. What if you want to do an investigation on your

WordPress Sites Leveraged in Layer 7 DDoS Campaigns

We first disclosed that the WordPress pingback method was being misused to perform massive layer 7 Distributed Denial of Service (DDoS) attacks back in March 2014. The problem being that any WordPress website with the pingback feature enabled (its def

Fake SUPEE-5344 Patch Steals Payment Details

Update 2/17: This post is not about hackers tricking webmasters into installing a fake Magento security patch. It's about malware that pretends to be an applied security patch. In case you don't know, SUPEE-5344 is an official security patch to the

Seo-moz.com SEO Spam Campaign

Here at Sucuri we handle countless cases of SEO spam. This malware involves a website being compromised in order to spread (mostly pharmaceutical) advertisements by linking visitors to unwanted websites and stuffing spam keywords into the site. These

Magento PCI Compliance Issues and Theft Over TLS

With about 30% of the market share, Magento is gradually becoming a “WordPress” of the ecommerce world. Like WordPress, it becomes a major target for hackers due to its popularity. However, in the case of Magento, the main goal that hackers pursue is

Server Security: Import WordPress Events to OSSEC

We leverage OSSEC extensively to help monitor and protect our servers. If you are not familiar with OSSEC, it is an open source host-based Intrusion Detection System (HIDS); it has a powerful correlation and analysis engine that integrates log analysis, file

Massive Admedia/Adverting iFrame Infection

This past weekend we registered a spike in WordPress infections where hackers injected encrypted code at the end of all legitimate .js files. The distinguishing features of this malware are:

The Risks of Hiring a Bad SEO Company

Today we are not going to explore malware or any other overtly malicious traffic. Instead this post is a warning about dishonest marketing tactics used by services claiming to improve your website traffic or Search Engine Optimization (SEO). We