By Eduard Kovacs on November 21, 2014
Malicious CMS Plugins Used to Hijack Web Servers For Black Hat SEO
Thousands of backdoored plugins and themes for popular content management systems (CMS) are being leveraged by a threat group to abuse Web servers on a large scale.
The Netherlands-based security firm Fox-IT has published a whitepaper detailing the threat dubbed "CryptoPHP." Researchers have uncovered malicious themes and plugins for WordPress, Drupal and Joomla. In the case of Drupal, only themes have been found to contain the CryptoPHP backdoor.
The attackers often trick website administrators into installing the backdoor by offering them pirated versions of premium themes and plugins. The malicious software is being distributed via various themes and plugins websites, such as Daily Nulled or Nulled Style. Fox-IT estimates that thousands of websites are affected.
Once it's installed on a Web server, the malware can be controlled by cybercriminals manually, or through command and control (C&C) and email communications.
According to Fox-IT, cybercriminals have been using the backdoor for black hat search engine optimization (SEO). CryptoPHP injects links and text into webpages hosted on the compromised server to generate backlinks.
full article
Login to the community
No account yet? Create an account
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.