Black widow spider in the crosshairs - Image Credit Free Range Stock - Jack Morehsource: WordFence
published: 2 February 2016

Do you manage your own WordPress website or leave it to relative novices within your organisation? If so, think very carefully about this and the potential threat it may pose.

The following was communicated by WordFence security software provider early in February 2016:

At Wordfence we frequently investigate hacked customer websites as part of an ongoing R&D effort to improve our core scanning engine. Examining hacked sites gives us data on how the attackers gained entry and provides us with visibility on the latest attack tools. It also provides us with signatures we can add to our core scanning engine that improves our ability to detect a hack.

During a recent investigation of a very large infection we found a trove of attack tools that all pointed back to a single “meta” script. This script was only two lines long but provided an attacker with a powerful capability. Once it fully installs itself it provides what we are referring to as an “attack platform”.

In the case of this infection, the source appears to be a hacking group in Vietnam and one individual within that group.

To provide you with some insight into the powerful capability that this platform provides, we have created a video demonstration where we infect a test virtual machine with the two line meta script and use it to download the tools it provides.

Read More click here >