Wordpress injection attack and “affiliate ping-pong.”
Source - When talking about web attacks we tend to think of just defacement or malware distribution. As I shall show in this post, this is not always the case, though financial gain remains the common motive. The attack I describe below is all about driving web traffic, abusing affiliate schemes for profit. We have spoken before about affiliate abuse, back in 2007 and more recently here.
Late last week, I noticed something of a surge in reports of a particular threat: hordes of legitimate pages were being injected with a malicious JavaScript, pro-actively blocked as Mal/ObfJS-H. Thus far, the common link between the affected sites appears to be Wordpress. One user report suggests that the malicious script is being added to the header.php template script used by Wordpress.
Wordpress injection attack and “affiliate ping-pong” | SophosLabs blog