WordPress blogs infected to distribute rogue antivirus software (03-07-2012)

From Networkworld:

 

Almost 30,000 WordPress blogs have been infected in a new wave of attacks orchestrated by a cybercriminal gang whose primary goal is to distribute rogue antivirus software, researchers from security firm Websense said in a blog post on Monday.

 

Sucuri researchers have also been tracking this scareware distribution campaign and found that a rogue WordPress plug-in called ToolsPack has been installed on many of the compromised blogs. The plug-in masquerades as a collection of WordPress administration tools, but in reality it contains a backdoor that attackers use to maintain their unauthorized access to the affected sites, Dede said.

 

Websense indicated that infected pages contain the following code at that bottom of the page.

 

Networkworld Article: http://www.networkworld.com/news/2012/030612-30000-wordpress-blogs-infec...
Sucuri Research: http://blog.sucuri.net/2012/02/new-wordpress-toolspack-plugin.html
Websense Post: http://community.websense.com/blogs/securitylabs/archive/2012/03/02/mass...