Hundreds of Wordpress web sites get hacked

SECURITY RESEARCHERS have discovered that hundreds of Wordpress based web sites and blogs have been compromised.

The attack is affecting web sites using an old version (3.2.1) of Wordpress, according to M86 Security Labs. The web sites have been injected with code that redirects the user to an exploit web site.

M86 said on its blog, "The attacker uploaded an HTML page to the standard Uploads folder and that page redirects the user to the Phoenix Exploit Kit."

The firm said the aim of the attackers is to avoid URL reputation mechanisms, spam filters and some security policies. It also said users are lured to the malicious web site via emails querying a bill and that the code tries to exploit vulnerabilities in Microsoft's Internet Explorer, Adobe's PDF and Flash, and Oracle's Java.

Websense has blogged about the same issue and said that the exploit installs the TDSS rootkit on the user's machine. It said, "The Tdss rootkit is one of the stealthiest rootkits in the wild. Its goal is to acquire total control of infected PCs and use them as zombies for its botnet."

It's uncertain who is behind the attacks at the moment but Websense advises users to update Wordpress to the latest version, which is 3.3.1. µ