Vulnerability in TimThumb WordPress plugins: The effects
Posted on 16 August 2011.
With the popularity of the WordPress blogging platform, security researchers here at Websense Security Labs are sure to sit up and take note of any reported zero-day threats affecting the platform itself or the plugins used by blog masters.

Recently, we saw a post by Mark Maunder of technology company, Feedjit, where he noticed a compromise occurring due to a WordPress plugin. The danger was this was a zero-day issue affecting a popular image re-sizing tool often used within WordPress. That was on August 1.

Sure enough, just one week after this initial warning, our ThreatSeeker Network began to see code injected into WordPress Web sites. At first we saw the injected domain name hxxp://superpuperdomain.com/ injected at the foot of compromised WordPress blogs. This code appears to have been delivering advertisements to end users via redirects to search engines.

Last Friday, we saw a slight adaptation within the injected code. This time, browsers to compromised sites led to the domain hxxp://superpuperdomain2.com/, which seemingly was a placeholder for more nefarious malicious activity. Websense customers are protected with our Advanced Classification Engine.

Interestingly, over the weekend, we saw the number of injections leading to the first URL decrease as the use of the second URL ramped up on August 12, as the chart below shows:


This course of events is fairly typical in the life of a zero-day vulnerability. As the issue becomes known, developers rush to fix the vulnerability. In the meantime, malware authors seek to launch attacks on vulnerable websites and deliver variations of attack code to bypass security products. In this case, we saw peaks of 10,000 WordPress-running Web sites infected with the code.

If you are running WordPress on your blog and want to find out more about TimThumb and how to get the latest version, you should take a look at the TimThumb Project page.


Author: Carl Leonard, Websense Security Labs blog.





Spotlight

eBook: Cybersecurity for Dummies

Posted on 16 December 2014.  |  APTs have changed the world of enterprise security and how networks and organizations are attacked. These threats, and the cybercriminals behind them, are experts at remaining hidden from traditional security while exhibiting an intelligence, resiliency, and patience that has never been seen before.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  
DON'T
MISS

Thu, Dec 18th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //