Brian Krebs, in his “Krebs on Security” blog is reporting that a large number of WordPress blog pages have been hacked to redirected visitors to networkads.net that downloads rogue security applications onto their machines. Also, the owners of the blogs are locked out of access.
“It’s not clear yet whether the point of compromise is a WordPress vulnerability (users of the latest, patched version appear to be most affected), a malicious WordPress plugin, or if a common service provider may be the culprit. However, nearly every site owner affected so far reports that Network Solutions is their current Web hosting provider,” Krebs wrote.
He also said that a script that downloads from the networkads.net site attempts to install a malicious ActiveX browser plugin which runs in Internet Explorer. VIPRE detects it as Trojan.Win32.Generic!BT.
A spokesperson for Network Solutions said an investigation is underway and the hack may be related to a malicious WordPress plugin.
Krebs blog here.
Update: unsecured passwords caused WordPress blog takeovers
Network Solutions has found the vulnerability – passwords stored in plain text – that caused the issue and secured it.
Shashi Bellamkonda said on the company blog:
“As part of the resolution, we have had to change database passwords for WordPress. Normally, this does not impact functioning of the blog, but in some cases if you have custom code with manually-embedded database passwords (in files other than wp-config), this will require changes.
“As a precaution, we’re also recommending that all customers using WordPress should log into their account to change their administrative passwords. Also review all the administrative access accounts and delete those that you do not recognize. If you feel you are still experiencing issues and need help please contact us at Listen
Blog post here.
Expanded story at the Register: “Network Solutions mops up after mass WordPress breach”
Tom Kelchner