Websites that use the very popular Joomla and WordPress content management systems (CMS) are being compromised by iFrame injection exploits that redirect users to malicious sites in order to download scareware onto victims’ computers.
Sites are becoming infected by "some tool that's basically firing a bunch of Joomla and Wordpress exploits at a given server and hoping something hits," John Bambenek of the Internet Storm Center (ISC), a threat warning service, wrote on its blog. "It seems the biggest pain is around Joomla users, particularly with extensions, which greatly increase the vulnerability footprint."
The ISC's report said two IP addresses in particular appear to be responsible for many of the exploits, which seem to target extension-heavy Joomla sites especially.
Joomla users faced a malware problem in September when attackers found a way to launch Java exploits from malicious GIF images, Kaspersky's Threatpost blog reported. In January, 600,000 Mac computers became infected with the Flashback Trojan after visiting WordPress blogs. Both CMS platforms have been popular hacker targets since their advent.