Over hundreds of WordPress blogs hosted on shared servers were attacked by malicious code injected into their pages. A detailed analysis of the affected sites uncovered instructions to hide the attack from Google’s web crawler.
This malicious injected code redirects visitor to a scareware landing page, which displays a fake antivirus scan. The FAKEAV variant distributed via this attack is detected by 24 out of the 41 antivirus engines on VirusTotal.
There is still no clear information regarding the method of attack in this case. Go Daddy seems to put the blame on outdated versions of the applications. “The bottom line resolution is to be sure you have the most up-to-date versions of your applications within your entire hosting account,” Todd Redfoot, chief information security officer at the hosting provider, told WPSecurityLock.
Security experts say the stolen FTP or blog admin passwords, a vulnerability in the WordPress blogging platform or a bug in a popular WordPress plug-in are valid possibilities.