WordPress Hack Exploits Old Code
Attackers have exploited an old WordPress vulnerability to infect more than one thousand websites with malware capable of injecting malvertising and even creating a rogue admin user with full access privileges, according to researchers.
The exploited flaw is specifically found in outdated versions of the WordPress tagDiv Newspaper and Newsmag themes, according to a December blog post in a security company update.
"Unfortunately, since this infection is related to a software vulnerability, strong passwords and security plugins will not protect you". The author notes that the malicious JavaScript can be found in a WordPress site's theme. Following code injection, the malware can execute two possible attack scenarios, depending on the site visitor:
1) If the visitor is determined to be logged in as an admin user, the malware creates the rogue user “simple001” with full admin privileges, allowing for complete takeover of the site.
2) If visitors are not logged in as an admin and they have not been to the site within the last 10 hours, then the malware commences a chain of redirects that sends them to various scam and advertisement sites.
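A site owner can check for the first scenario by auditing which accounts hold the administrator role. The following is an added example, not code from the original article or the researchers: it assumes rows exported from the standard WordPress users and usermeta tables (login name plus the serialized wp_capabilities value), and the sample rows and the expected-admin list are constructed for illustration.

```python
import re

# IoC named in the article: the rogue administrator account the malware creates.
KNOWN_ROGUE_LOGINS = {"simple001"}

# Matches each role set to true in a PHP-serialized wp_capabilities value,
# e.g. a:1:{s:13:"administrator";b:1;}
_ROLE_RE = re.compile(r's:(\d+):"([^"]*)";b:1;')

def roles_from_capabilities(meta_value):
    """Return the set of roles granted (b:1) in a wp_capabilities value."""
    roles = set()
    for length, name in _ROLE_RE.findall(meta_value):
        if int(length) == len(name.encode("utf-8")):  # skip malformed entries
            roles.add(name)
    return roles

def audit_admins(rows, expected_admins):
    """rows: (user_login, wp_capabilities value) pairs.
    Returns (user_login, reason) findings for administrator accounts."""
    expected = {name.lower() for name in expected_admins}
    findings = []
    for login, caps in rows:
        if "administrator" not in roles_from_capabilities(caps):
            continue
        key = login.lower()
        if key in KNOWN_ROGUE_LOGINS:
            findings.append((login, "known rogue admin from this campaign"))
        elif key not in expected:
            findings.append((login, "administrator not on expected list"))
    return findings

# Constructed sample rows, shaped like a join of the users and usermeta tables.
SAMPLE_ROWS = [
    ("editor-in-chief", 'a:1:{s:13:"administrator";b:1;}'),
    ("simple001", 'a:1:{s:13:"administrator";b:1;}'),
    ("freelancer7", 'a:1:{s:6:"author";b:1;}'),
    ("old-contractor", 'a:1:{s:13:"administrator";b:1;}'),
    ("demoted", 'a:1:{s:13:"administrator";b:0;}'),
]

if __name__ == "__main__":
    for login, reason in audit_admins(SAMPLE_ROWS, ["editor-in-chief"]):
        print(f"{login}: {reason}")
```

Any administrator the audit reports that the site owner did not create should be treated as a sign of compromise, not just deleted: the injected script in the theme would recreate it on the next admin visit.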
Previously, attackers were using the same WordPress flaw to inject a variant of the malicious JavaScript that would either display unauthorised pop-ups or redirect visitors to spam websites, but could not enable a complete site takeover.
WordPress is the most popular website building platform in the world and many live sites are never updated with the latest security patches, leaving them vulnerable to this variant. If you are using the WordPress platform, make sure you respond to all security updates as you receive them.
You have to be right every time - hackers need to be right only once.