View Single Post
  #1   (View Single Post)  
Old 12th December 2012
J65nko J65nko is offline
Administrator
 
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 4,128
Default Joomla sites misused to deploy malware

From http://h-online.com/-1766841

Quote:
The Internet Storm Center reports that a large number of Joomla sites are currently deploying malicious code and infecting visitors with malware; some WordPress sites are also thought to be affected. The German CERT-Bundā German language link Computer Emergency Response Team, which is operated by the German Federal Office for Information Security (BSI), has confirmed that similar attacks on and via Joomla servers have also been observed in Germany.

Thomas Hungenberg from CERT-Bund told The H's associates at heise Security that his findings indicate that, for several days, the compromised sites have been exploited to infect computers mainly with fake AV software via an exploit kit. To infect computers, the attackers embed an iFrame into the web sites that points to a Sutra Traffic Distribution System and eventually redirects to an exploit kit.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Reply With Quote