updated 12/13/2012 1:54:21 PM ET 2012-12-13T18:54:21

Websites that use the very popular Joomla and WordPress content management systems (CMS) are being compromised by iFrame injection exploits that redirect users to malicious sites in order to download scareware onto victims’ computers.

Sites are becoming infected by "some tool that's basically firing a bunch of Joomla and Wordpress exploits at a given server and hoping something hits," John Bambenek of the Internet Storm Center (ISC), a threat warning service, wrote on its blog. "It seems the biggest pain is around Joomla users, particularly with extensions, which greatly increase the vulnerability footprint."

The ISC's report said two IP addresses in particular appear to be responsible for many of the exploits, which appear to especially target extension heavy sites on Joomla.

Joomla users faced a malware problem in September when attackers found a way to launch Java exploits from malicious GIF images, Kaspersky's Threatpost blog reported. In January, 600,000 Mac computers became infected after visiting WordPress blogs due to a Flashback Trojan infection. Both CMS platforms have been popular hacker targets since their advent.

All Joomla users should upgrade to the latest version of the CMS. Administrators responsible for older versions of Joomla are encouraged to check their JavaScript for unfamiliar iFrames.

On either platform, if your blog does become infected, change all relevant passwords immediately, then follow the recovery steps to take as outlined by WordPress and Joomla.

Follow Ben on Twitter@benkwx.

© 2012 TechNewsDaily


Discussion comments


Most active discussions

  1. votes comments
  2. votes comments
  3. votes comments
  4. votes comments