Hackers target WordPress in large scale attack

Hackers have reportedly targeted a number of websites powered by the popular WordPress platform.

The attacks have affected sites hosted by various providers, including DreamHost, GoDaddy, Bluehost and Media Temple.

In addition, other PHP-based management systems – such as Zen Cart eCommerce – have also been targeted in the ongoing cyber offensive.

“The hacked web pages appear to have been infected with scripts, which not only install malware on users’ systems, but also prevent browsers like Firefox and Google Chrome, which use Google’s Safe Browsing API, from issuing an alert when users try to access the page,” reported H Open.

“When Google’s search bot encounters such a specially crafted page, the page responds by simply returning harmless code. This camouflage strategy takes advantage of the browser switch normally used by developers to return browser specific code to suit functional variations in different browser, such as Internet Explorer and Firefox.”

Meanwhile, David Dede of Sucuri Security has posted a “simple clean up solution” to decontaminate infected websites.

“Note that we are not blaming WordPress here. I am assuming that if the problem was on WordPress itself, the number of infected sites would be much much bigger,” wrote Dede.

“Maybe a plugin is vulnerable or someone stole lots of passwords. Also, all the hacked sites were on shared hosts, no one so far on a private server…So, it doesn’t look like something specific to a hosting company. The only thing in similar is that all of them are on shared servers.”