Compromised WordPress sites lead to ‘Blackhole’

Computer users have been warned against a mass compromise of WordPress sites that may lead to infection by the Cridex malware, which can steal their banking data.

Trend Micro cited recent alerts that cybercriminals are behind a mass compromise of WordPress sites that lead to Cridex infection.

“To lure users to these compromised sites, the cybercriminals behind this employed spammed messages purporting to come from known legitimate sources such as Better Business Bureau and LinkedIn, just to name a few. These spam messages use social engineering tactics to entice unsuspecting users to click the link found in the email,” it said in a blog post.

Clicking the links may lead prospective victims to a series of compromised WordPress sites, which ultimately point users to the Blackhole Exploit kit that targets vulnerabilities.

“Based on our analysis, this exploit results in the installation of WORM_CRIDEX.IC on the affected system. When executed, this worm connects to a remote site … to download its configuration files,” it said.

Microsoft describes the Cridex malware as a threat that may be delivered through spam messages.

It said the malware “could spread to removable drives, steal local certificates, capture online banking credentials entered via web browsers, download and execute files, and search and upload local files.”

Trend Micro said Cridex was also found to generate several random domains using domain generating algorithms (DGA).

“This is a well-known technique used by cybercriminals to evade law enforcement and to prevent botnets from being shut down. The malware also uses DGA to download its configuration file,” it said.

It said the exact behavior of the sample depends on the configuration file it retrieves.

“Based on static analysis, however, it is capable of executing a file, deleting a file/folder, and retrieving certificates in a certificate store. During our testing, we were unable to download the configuration file as this was no longer available,” it said. — TJD, GMA News

Article source: http://ph.news.yahoo.com/compromised-wordpress-sites-lead-blackhole-163121704.html
