Fake Antivirus Lives On, Now Infecting 200K WordPress Pages

A new series of mass-injections have been targeting Wordpress sites as of late and appear to have already infected more than 200,000 web pages according to a report on Websense’s Security Labs blog earlier this week.

A new series of mass-injections have been targeting WordPress sites as of late and appear to have already infected more than 200,000 web pages according to a report on Websense’s Security Labs blog earlier this week.

The injections lead unsuspecting users to a bogus AV site that appears to perform a scan on the computer, allegedly as part of a “Windows Security Alert.” The graphic that pops on screen resembles a Windows Explorer window that – after running the “scan” – encourages the user to download an anti-virus program that turns out to be a Trojan.

Websense notes that 85 percent of these compromised WordPress sites are hosted in the United States but goes on to warn that everyone is at risk when visiting sites like these.

Last November, Vyacheslav Zakorzhevsky, a Senior Malware Analyst in Kaspersky Lab’s heuristic detection group reported that he had actually been a decrease in the number of fake AV programs infecting users. While fake antivirus notifications may be in decline however, these fake “windows errors” notifications continue to persist.

For the full take on this, head to Websense’s Security Labs blog.  

Suggested articles

Windows Crash Reports Used to Find Zero-Day Attacks

Windows Error Reporting, or Dr. Watson, can be used to detect advanced exploits targeting organizations by fingerprinting exploit behaviors and correlating those with system or application crashes.

New IE 10 Zero Day Targeting Military Intelligence

A new campaign, dubbed Operation SnowMan, was been spotted leveraging a previously unknown zero-day in Internet Explorer 10 after the U.S. Veterans of Foreign Wars’ website was compromised this week.

Discussion

  • Anonymous on

    Come on, read their blog posts. It's 30,000 sites, and 200,000 pages.

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.