New Malicious Code Attacks Target WordPress Websites – 2010-07-29 – Sucuri, an eminent name in providing Web integrity and monitoring solutions, has issued a warning of a new series of malware code injection attacks targeting obsolete WordPress websites, as reported by SOFTPEDIA on July 17, 2010.

Users, who visit these websites, will end up being redirected to web pages that serve FakeAV variant.

Further, the security researchers explained, that these new attacks were the duplicate of those mass compromises that had recently, hit thousands WordPress blogs, on BlueHost, GoDaddy and other organizations. The hackers execute automatic scan procedures to trace the vulnerable installations and thus insert a rouge code in the PHP script.

This malicious code is obfuscated through an encoding function called, base64. The assessment of code gives the output as the elements of a HTML script, which have the content of an external domain.

In such a situation, cyber criminals use “” as the attacking website. Besides, they add the following JavaScript code to the websites: <script src=” #. This code further loads another JavaScript code from the site, trying to push “Fake Antivirus” virus to the site visitor.

The script can also be used to redirect to other malicious domains possibly from the The domain ( is in controversy now because of hosting malware loaded websites that manipulate search results through poisoned search results.

This type of criminal activity is very common in the cyber world, whereby the criminals take advantage of the victims by panicking them. Once the victims are panicked, the criminals either persuade them to upload malware to infect their computers or ask them for license fee for the removal of cyber security threat.

In fact, there have been many poisoned search results pointing to a website hosted on domains, from where the victims are redirected to other pages similar to YouTube or displaying some fake antivirus scans. In such cases, scareware installer naming PACKUPDATE107_195.EXE is downloaded and detected as Adware/SecurityMasterAV.

According to the security firm “Panda”, websites displayed in both the cases have no connection to the search carried out. An image that appears ‘My Computer’ is displayed with an alert message of infection after the system is completely scanned, reports cjnews on July 16, 2010.

Resource: SPAMfighter News

Related Posts: