Spike In WordPress Malware Distribution

There has been a strange increase in the number of WordPress sites that have been attacked and infected with malware in the past few days. According to the Ars Technica blog, a rather large number of legit WordPress blogs have been hacked and are redirecting users to malware pages that are set up as “attack sites”. These attack sites are set up to run code from the Nuclear exploit kit that’s available for sale on black markets. The user is then infected with the TeslaCrypt ransomware package.

Apparently the WordPress sites are injected with huge blocks of code that silently redirect the user to pages that appear to be filled with ads. These ads then take advantage of weaknesses in old versions of Adobe Flash, Internet Explorer, Silverlight, and other programs. This is why we highly recommend that people allow automatic updates of all these software programs so that they never even have to think about it. People always forget to update their software or they procrastinate, and this leaves them open to infections.

The TeslaCrypt ransomware is a malicious program that encrypts files on your computer and holds them for ransom, demanding a cash payment that is usually payable in bitcoin. Ransomware is one of the most intrusive, annoying, and costly kinds of malware that one can get.

Interestingly, the code used by these hackers is adaptable: in order to evade research by security professionals, it attempts to infect, and be visible to, only first-time visitors.

These recent attacks (through totally legit WordPress sites) are reminders that drive-by installations of malware don’t only happen in bad internet neighborhoods such as adult, gambling, and hacking sites. You can be vulnerable to infection even by visiting sites that you know and trust. This is again why we highly recommend installing security updates as soon as they are available. It’s a pain in the neck to have to deal with ransomware, and avoiding it is worth the three minutes that you’ll spend downloading and installing an update.

To people with WordPress sites: take some time to ensure that you’re running the latest version of WordPress. Installing backup and security software for your sites is also a good idea if you are worried about being hacked. I’ve been hacked several times before and it’s really not fun.

Another thing that you can do as a user is to ensure that you’re always backing up your files, for example by using an automated cloud uploader to a service such as Backblaze or CrashPlan. If you ensure that all of your files are backed up, then if you’re infected with malware you can just delete your installation of Windows and restore from your backed-up files. This is just one of the many reasons that we highly recommend that you institute a good and reliable backup plan for your files. You can never be too careful.

Bill Gordon

Bill Gordon has been writing on tech and malware subjects for 6 years and has been working in the internet and tech industry for over 15 years. He currently lives in Southern California.

