A number of websites running WordPress have found themselves hacked and set up to deliver crypto ransomware to end users.
Over the past week, researchers have noticed a spike in the number of sites that are redirecting visitors to malicious sites. The attacking sites host Nuclear Exploit Kit code, which is available on the dark web. People who don’t have the latest versions of Flash Player, Adobe Reader or Internet Explorer could find themselves unwittingly infected with the TeslaCrypt ransomware package, which demands a ransom after encrypting users’ files.
In a blog post from Wednesday, Jérôme Segura, a senior security researcher at Malwarebytes, said, ‘WordPress sites are injected with huge blurbs of rogue code that perform a silent redirection to domains appearing to be hosting ads. This is a distraction (and fraud) as the ad is stuffed with more code that sends visitors to the Nuclear Exploit Kit.’
The code redirects first-time visitors to the legitimate sites through a series of sites that instead carry a payload of malicious code. Google has already begun to blacklist the domains using this trick. However, the redirects appear to be updated to new domains as soon as the old ones get listed.
No matter what sites you visit on the internet, there are still risks as hackers try to gain access to your computer through any means. People should ensure that they keep all of the programs on their computer up to date. Another way to protect yourself is by using the 64-bit version of Google’s Chrome browser.
If you run a WordPress site, you need to ensure that your servers are fully patched. Use a strong password and two-factor authentication to keep access limited to just those who need it.