To verify if this feeling of deja-vu is right, I took a loot at our statistics to identify the volume of we've seen over the last week that were infected with malicious IFRAMES or Javascript:
| Measurement | Pecentage of Wordpress sites |
|---|---|
| Hits | 68% |
| Hosts | 87% |
Percentage of infected sites running Wordpress
68% of the pages infected with malicious IFRAMES or javascript were running on Wordpress. If we look at the number of unique hosts, 87% of infected sites are running Wordpress!
The current version of Wordpress available for download is 2.9.2. The Wordpress version can be identified by this HTML code:
<meta name="generator" content="WordPress X.X.X" />
Here is the distribution of infected Wordpress websites by version:
Infected Wordpress sites by versions
14% of the infected are running the latest versions. Note that they may have been infected through a plugin that may not be up to date.
Most of the infections related to injected IFRAMES that link to an external malicious sites. Some attacks are also used to inject spam, as can be seen in this code sample:
Invisible spam links to Viagra and other popular drugs
-- Julien
Posts
1 comment:
This is not the method used for the Network Solutions hack. This hack involved a script inserted some place in the templates or database so that no matter how you fix the 'pages' the script is back upon next reload -- only PHP pages, not html indexes.
We have not been able to identify the script for removal, and Network Solutions is not sharing that info, not even with site owners. I've inquired three times and get the same canned response each time.
Post a Comment