Compromised web servers used for hosting landing page

Sep 29, 2014 21:41 GMT

A spammer known for sending users adult content has been spotted switching to a pitch that includes banners with photos stolen in the celebrity hack that has drawn wide attention since the beginning of the month.

The spammer started the campaign on September 2, a couple of days after personal images of various celebrities in the nude started to be published on 4Chan.

According to Cloudmark, a company offering protection against spam and threats delivered via email, the spammer uses compromised web servers to store and deliver landing pages linking to hardcore adult content available on a domain hosted in Russia.

Illegal content promised for $1

The web page a potential victim lands on after following the link in the spam message urges them to make a purchase by promising access to nude photos of female celebrities whose iCloud accounts were hacked.

To make the offer irresistible, pictures of Jennifer Lawrence, Kate Upton, and McKayla Maroney were presented. However, starting September 11, the spammer switched to a different banner showing an animated GIF of singer Miley Cyrus as well as adult content featuring models who resemble the celebrities.

A message is also displayed, informing visitors that they can get compromising pictures and videos of the celebrities for only $1. Attempting to make a purchase takes the visitor to a website hosted in Massachusetts.

WordPress websites appear to have been compromised

The servers storing the landing pages seem to host WordPress websites for a wide range of entities, including schools and church groups.

“A disproportionate number of them have characteristics of WordPress sites, so it’s probable that this spammer is exploiting vulnerabilities in WordPress or its plugins,” says Andrew Conway from Cloudmark in a blog post.

Telemetry data from Cloudmark’s automated scanning system indicates that the number of breached servers used for this particular campaign over the past three weeks amounts to hundreds.

Conway advises administrators of WordPress websites to check that all the software they run is up to date. They are also advised to check the files on the web server hosting the website for items that have been inserted by the attacker.
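One way to carry out the file check described above, as an added example that is not from Cloudmark or the original article: compare the live document root against a clean copy of the same WordPress release and plugins, and single out active content sitting in the uploads directory. The clean copy, the `ACTIVE_EXT` list and the sample trees built by `build_demo` are assumptions made for illustration.

```python
import hashlib
import os
import tempfile

# Assumption: inserted landing pages and scripts use these file types.
ACTIVE_EXT = {".php", ".phtml", ".html", ".htm", ".js"}

def sha256_tree(root):
    """Map each relative file path under root to its SHA-256 digest."""
    digests = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            with open(path, "rb") as fh:
                digests[rel] = hashlib.sha256(fh.read()).hexdigest()
    return digests

def audit(clean_root, live_root):
    """Compare a live site with a clean copy of the same release."""
    clean, live = sha256_tree(clean_root), sha256_tree(live_root)
    added = sorted(set(live) - set(clean))
    modified = sorted(p for p in set(live) & set(clean) if live[p] != clean[p])
    # Uploads should hold media only, so active content there is suspicious.
    served = sorted(p for p in added
                    if p.startswith("wp-content/uploads/")
                    and os.path.splitext(p)[1].lower() in ACTIVE_EXT)
    return {"added": added, "modified": modified, "active_in_uploads": served}

def build_demo():
    """Constructed sample trees: a clean copy and a tampered live copy."""
    base = tempfile.mkdtemp()
    files = {"index.php": "<?php // core", "wp-includes/version.php": "<?php // v"}
    extra = {"wp-content/uploads/2014/09/photo.jpg": "jpeg-bytes",
             "wp-content/uploads/2014/09/offer.html": "<html>landing</html>",
             "wp-includes/version.php": "<?php // v + injected"}
    for tree, content in (("clean", files), ("live", {**files, **extra})):
        for rel, text in content.items():
            path = os.path.join(base, tree, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as fh:
                fh.write(text)
    return os.path.join(base, "clean"), os.path.join(base, "live")

if __name__ == "__main__":
    for kind, paths in audit(*build_demo()).items():
        print(kind, paths)
```

Legitimate media uploads also show up under `added`, since a clean release contains none; the `modified` and `active_in_uploads` lists are the ones to review first.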

Cloudmark has taken the necessary steps to alert authorities to the photo of McKayla Maroney being promoted online, because according to her lawyers the gymnast was still underage when the picture was taken and, as such, it is illegal under US law.