Unknown vulnerability in WordPress led to a surge in the number of hacks sites

Over the past few days, three different computer security firms have reported a sudden increase in the number of hacked sites running WordPress content management system. Most often, hacked sites are trying to infect users with ransomware viruses.

Infection occurs through the hacker circles Nuclear exploit kit , which exploits vulnerabilities in older versions of Adobe Flash Player, Adobe Reader, Microsoft Silverlight and Internet Explorer. On the victim's computer, a TeslaCrypt malware ransomware is installed , encrypting the files and then requiring a ransom for the key for decryption.
')
Apparently, another vulnerability was discovered in WordPress, about which system developers do not yet know - or which they did not have time to fix.
Malicious code that hits a hacked site is written in encrypted form at the end of the JavaScript files.


Sample encrypted code

To make detection difficult, a hacked site tries to infect users only on the first visit, and the visitor is redirected several times to other sites. The Safe Browsing service offered by Google has already marked some of these sites as malicious, however, judging by the reports of the security men, the attackers periodically change the chain of sites leading the visitor to the goal in order to avoid this security measure.

At the same time, antiviruses (at least, most of them) will not serve as a panacea - in this case, according to the VirusTotal report , only 2 out of 66 antivirus programs marked the site as malicious. Users are advised to timely update the program to the latest versions.

Site administrators, experts recommend using two-factor authentication systems and also do not be lazy to update the versions of the systems running on the servers.