Compromised WordPress sites lead to Phoenix exploit kit

February 1, 2012

Source: Help Net Security

by Zeljka Zorz

In this article: “The websites – mostly blogs and small, private pages – use WordPress 3.2.1 and have been uploaded with an HTML page which redirects the users via a hidden iFrame to a page hosting the Phoenix exploit kit.

“The content uploaded by the attacker is not part of the home page and will not show when users browse these websites. In fact, accessing any page on these compromised WordPress sites, other than the uploaded page, will not infect the user’s machine,” explained the researchers.

“… Unfortunately, the question of how the WordPress-based sites were compromised in the first place is still unanswered, but it seems likely that the attackers have found a vulnerability to misuse.”
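Because the uploaded page is not linked from the home page, site owners will not find it by browsing; a file-system sweep of the web root is one way to surface it. The sketch below is an added example, not code from the article or the researchers: it flags static HTML files containing an iframe that is both hidden and pointed at another host. The hiding tricks it checks, the host names and the sample markup are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from pathlib import Path
from urllib.parse import urlparse

# Assumption: "hidden" means one of these common tricks; the article does not say which.
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|"
    r"(?:width|height)\s*:\s*0*[01](?:px)?\s*(?:;|$)", re.I)

class IframeAudit(HTMLParser):
    """Collects src values of iframes that are both hidden and off-site."""
    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host.lower()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        host = (urlparse(a.get("src", "")).hostname or "").lower()
        tiny = any(a.get(d, "").strip().rstrip("px") in ("0", "1")
                   for d in ("width", "height"))
        hidden = tiny or "hidden" in a or bool(HIDDEN_STYLE.search(a.get("style", "")))
        if host and host != self.site_host and hidden:
            self.findings.append(a["src"])

def audit_html(text, site_host):
    parser = IframeAudit(site_host)
    parser.feed(text)
    return parser.findings

def audit_tree(docroot, site_host):
    """Map each static .htm/.html file under docroot to its suspicious iframe targets."""
    report = {}
    for path in Path(docroot).rglob("*.htm*"):
        hits = audit_html(path.read_text(errors="replace"), site_host) if path.is_file() else []
        if hits:
            report[path.relative_to(docroot).as_posix()] = hits
    return report

# Constructed samples (not taken from the incident); all host names are placeholders.
SAMPLE_UPLOADED = '<html><body><iframe src="http://kit-host.example/index.php" width="1" height="1" style="visibility:hidden"></iframe></body></html>'
SAMPLE_BENIGN = '<html><body><iframe src="http://video.example/embed/1" width="560" height="315"></iframe><iframe src="/local.html" style="display:none"></iframe></body></html>'

if __name__ == "__main__":
    print(audit_html(SAMPLE_UPLOADED, "blog.example"))  # hidden + off-site: flagged
    print(audit_html(SAMPLE_BENIGN, "blog.example"))    # visible embed, local hidden frame: clean
```

A hit is a lead for manual review rather than proof of compromise, and an unexpected HTML file that nobody on the site remembers creating deserves attention even when this check finds nothing in it.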
