Security firms Heimdal and Sucuri have now both reported a huge spike in malware across a variety of legitimate WordPress websites. The compromised websites have been taken over by a sophisticated variant of ransomware that locks a user out of their computer and demands payment.

The compromised websites are injected with fraudulent JavaScript code that leads visitors to a unique malware-distributing website. What makes this malware difficult to pin down is that it takes great care to remain undetected and will only infect first-time visitors to a website. Furthermore, the attack code redirects a user through multiple websites before finally delivering the malware payload, further obfuscating the origin of the attack.

Malware is nothing new on the internet, but the amount that has managed to land on mainstream websites has greatly increased over the last couple of years. In recent months, malware-laced advertisements have found their way onto the websites of popular news outlets and even some retail stores. While no high-profile targets have been reported, the breadth of this attack is potentially massive; the common connector is the WordPress platform, which is used as the base for thousands of websites all over the world.

Since little is known about which part of WordPress is vulnerable, be it the base platform or a third-party plugin, it is recommended to browse with caution over the coming days. Heimdal Security also warns that your personal antivirus may not be sufficient to prevent infection. In tests, the majority of antivirus packages on the market were not able to detect the infection.

People who personally run WordPress sites should take time to make sure their servers are fully patched and that their admin passwords are secure.

– Richard Keene
IT Computer Support of New York
Webmaster and Lead Designer