Browse archive

Latest news

Targeted data stealing attacks using fake attachments

A look into the EC Council hack

New Mac spyware signed with legitimate Apple Developer ID

Ransomware adds password stealing to its arsenal

"Get free followers" scam targets Instagram users

Thoughts on the need for anonymity

Four LulzSec hackers handed prison sentences

The New Yorker launches anonymous dead-drop tool

Researchers reveal OpUSA attackers' MO

Info-stealing Dorkbot worm spreading on Facebook

Review: The Hacker's Guide to OS X

Private messages of Bloomberg clients end up online

IT security jobs: What's in demand and how to meet it

Hacking charge stations for electric cars

WordPress-based, GoDaddy-hosted websites hacked

Posted on 09 June 2010.

WordPress users whose websites are hosted on GoDaddy servers have been targeted by fake AV peddlers - again.

According to Sucuri Security, the web hosting company's servers were hacked yesterday around 3pm EST, and thousand of WordPress blogs and other PHP based websites were contaminated with a malicious script that points to a fake AV hosted at http://cloudisthebestnow[dot]com/kp.php.

It is also interesting to note that the people behind this attack are the same ones that executed an identical attack against GoDaddy's servers less than a month ago:

Sucuri Security offers an explanation about how these attacks take place: "GoDaddy has some internal vulnerability that is allowing the attackers to upload the following code to their sites: MW:SIPRO:1. A few minutes after this code is uploaded, the attackers run it remotely and this PHP script infects all the files within the site."

Luckily for the owners of the sites, the attack has the same solution as the previous one.