Softpedia
August 16th, 2011, 16:23 GMT · By

Timthumb-Driven WordPress Attacks Continue

[Image: WordPress blogs attacked through timthumb vulnerability]
Security researchers warn that the number of attacks exploiting a flaw in a popular WordPress script continues to increase and that the attacks have started to deliver malware.

Timthumb is an image manipulation script bundled by default with many popular WordPress themes. Although it is not part of the platform's core files, it is therefore present in a large number of installations.

A vulnerability recently identified in the script allows attackers to upload arbitrary PHP files to the server and execute them.

Since then, a patched version of timthumb, which also contains other security enhancements, has been released; however, most webmasters will need to apply the update manually.

Unlike plug-ins, WordPress themes are not regularly updated and can be abandoned by their developers after a few initial bug fixes. Patching will therefore largely depend on blog owners learning about this flaw and deploying the fix themselves.

The vulnerability has been exploited in the wild to inject rogue ads into WordPress websites for the past couple of weeks; researchers now warn that the attacks have begun to increase in both frequency and impact.

"At first we saw the injected domain name hxxp://superpuperdomain.com/ injected at the foot of compromised WordPress blogs. This code appears to have been delivering advertisements to end users via redirects to search engines," security researchers from Websense write.

"Last Friday, we saw a slight adaptation within the injected code. This time, browsers to compromised sites led to the domain hxxp://superpuperdomain2.com/, which seemingly was a placeholder for more nefarious malicious activity," they warn.

Meanwhile, researchers from Sucuri Security warn that attackers are also installing PHP backdoors on the infected sites so that they can retain unauthorized access for as long as possible.

WordPress site owners should immediately update the timthumb.php script in their installation by overwriting it with the patched version, and should scan their directory structure for any recently created files they do not recognize. The injected code must also be cleaned up.
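The remediation steps above as an added POSIX shell audit script, not code from the article or from Websense or Sucuri. It assumes the path of a WordPress document root is given as its first argument, that timthumb.php declares its release as define ('VERSION', '...'), and treats "recent" as the last 14 days unless a second argument says otherwise.

```shell
#!/bin/sh
# Added audit helper (not from the article, Websense or Sucuri). It checks a
# WordPress document root for the three things the article tells site owners
# to look at: every bundled copy of timthumb.php and its declared version,
# PHP files created or changed recently, and page code that references the
# injected domains the article names. Usage: sh audit.sh /path/to/wordpress [days]

# Themes ship their own copy of timthumb.php, so one site may hold several.
list_timthumb_copies() {
    find "$1" -type f -name 'timthumb.php' 2>/dev/null
}

# Assumption: timthumb.php declares its release as define ('VERSION', 'x.y');
# compare the printed value with the patched release before trusting a copy.
timthumb_version() {
    sed -n "s/.*define *( *'VERSION' *, *'\([^']*\)'.*/\1/p" "$1" | head -n 1
}

# PHP files modified within the last N days; uploaded files and backdoors show
# up here as names the owner does not recognise.
recent_php_files() {
    find "$1" -type f -name '*.php' -mtime "-$2" 2>/dev/null
}

# Files containing either injected domain name quoted by Websense.
injected_domain_hits() {
    grep -rIl -E 'superpuperdomain2?\.com' "$1" 2>/dev/null || true
}

if [ -n "$1" ]; then
    WP_ROOT="$1"
    DAYS="${2:-14}"
    echo "== timthumb.php copies (path, declared version):"
    list_timthumb_copies "$WP_ROOT" | while read -r f; do
        printf '%s\t%s\n' "$f" "$(timthumb_version "$f")"
    done
    echo "== PHP files changed in the last $DAYS days (review anything unfamiliar):"
    recent_php_files "$WP_ROOT" "$DAYS"
    echo "== files referencing the injected domains (clean these up):"
    injected_domain_hits "$WP_ROOT"
fi
```

The version check only tells you which copy is old; the file still has to be replaced with the patched release, and any file the recent-changes listing turns up should be reviewed before it is deleted.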
