Massive WordPress Hijack

*Worse and worse. It's starting to feel unethical to use such an insecure platform as this one. What if my own blog is subverted and used to contaminate the machines of hapless PC users? Kinda like a bartender casually serving up poisoned beer.

http://www.theregister.co.uk/2011/08/08/wordpress_hijack_poisons_google_image/

Mass WordPress hijack poisons Google Image well

Mystery doorway planted in 4000+ sites
By Dan Goodin in San Francisco

Posted in Security, 8th August 2011 22:27 GMT

"Hackers are abusing thousands of independent WordPress sites to litter Google Image search results with code that redirects users to servers that attempt to infect them with malware.

"According to a report posted Friday, Russian researcher Denis Sinegubko identified 4,358 WordPress blogs that combined popular images from other sites with so-called doorway pages that redirected visitors to a series of malicious sites. The site at the end of the line displayed misleading graphics designed to trick users into installing fake security software by convincing them their machines have already been infected by malware and urgently need to be cleaned.

“The doorway pages rank quite well for some keywords both in Google web search and Google Images search (especially when you are searching for exact phrases),” Sinegubko wrote. “However the malicious redirects occur only when you click on Google Images search results, which proves that Google Images poisoning is the main goal of this black-hat SEO campaign.”

"As of Friday, Google was flagging less than 5 percent of the compromised WordPress sites as harmful to its users, Sinegubko said. On Monday, The Register asked Google representatives if additional websites have been added to its list. This article will be updated if they respond.

"It remains a mystery how the sites are being compromised. Many are running up-to-date versions of WordPress. (((That's not good.))) What's more, the compromise affects sites on a variety of webhosts, and not all WordPress sites on affected hosts contain the toxic links. All of that would seem to rule out server-wide attacks, compromises based on stolen site credentials, or an exploit of a compromise in WordPress itself.

"Sinegubko speculated that the compromise is the result of backdoor code previously installed on the affected websites...."

*More:

http://www.theregister.co.uk/2011/08/02/wordpress_zero_day/

http://www.theregister.co.uk/2011/06/22/wordpress_trojan_invasion/

http://www.theregister.co.uk/2011/03/03/wordpress_ddos_attack/

http://www.theregister.co.uk/2011/04/13/wordpress_hack_attack/

More via SANS:

–WordPress Sites Being Used to Poison Google Image Search Results
(August 8, 2011)
Sites using the WordPress blogging platform are being manipulated to
poison Google images search results with malicious code that redirects
users to sites that try to infect their computers with malware. As of
Friday, August 5, less than five percent of WordPress sites appear to
have been affected.
Internet Storm Center Reports:
http://isc.sans.edu/diary/More+on+Google+image+poisoning/10822
http://isc.sans.edu/diary/Image+search+can+lead+to+malware+download/10759
http://isc.sans.edu/diary.html?storyid=11323
General news reports:
http://www.theregister.co.uk/2011/08/08/wordpress_hijack_poisons_google_image/