WordPress websites are battling with a new threat involving a Russian cybercrime network, which is stealing login credentials for U.S. and European banks. Using a botnet, the cybercriminals have already obtained information from 800,000 online-banking transactions. More than 50 percent of these are reported to be from five of the largest banks in the U.S.
The illicit activities of the cybercrime network were discovered by Proofpoint, Inc., a Sunnyvale, California-based security company. It has released information on how cybercriminals get around security measures.
Not all WordPress websites are targets of this new cybercrime activity, although those that have been exploited are basically taken over by a browser exploit kit. As explained by Tom’s Guide: “The Blackhole exploit kit is a collection of malicious code that exists on fraudulent websites, or can be illegally injected onto legitimate, but hacked, websites. These pieces of code are designed to detect and exploit vulnerabilities in Web browsers and create security risks for PCs.”
In this particular case, users who visit compromised WordPress sites would become infected with malware which steals information.
Here’s the dark side of the Internet coming out: the criminals were able to take control of WordPress sites by purchasing information about default WordPress administrator login credentials in online cybercrime markets.
The not-so-bad news here is that most of the computers that have been affected (about 52 percent) are still running on Windows XP. Maybe Microsoft was right in pushing people to discard the old operating system after all!
In any case, if you’re running an up-to-date operating system, you’re probably safe – at least for now.
Just to be sure, if you’re running a WordPress site, change the admin login details NOW, and make it a habit to change them periodically as well (which is good practice in any case).