Thousands of WordPress blogs hijacked to deploy malicious code

Anti-virus firm Avast reportsPDF that criminals are exploiting a critical hole in the TimThumb WordPress add-on to deploy malicious code on a large scale. Avast says that it blocked more than 2,500 infected sites in September and anticipates a similar number in October. The attackers install the professional BlackHole exploit framework on the affected servers. The framework then tries to infect visitors to the WordPress blog with malicious code by trying out various vulnerabilities in the visitor’s browser and installed plug-ins.

Read more at H-online

Comments are closed.