New Web Site Hack for WordPress sites – Fake Flash Update

May 11th, 2016   •   Comments Off on New Web Site Hack for WordPress sites – Fake Flash Update   

This new hack of WordPress sites  randomly redirects site visitors either to a parked test0 .com, domain or to malicious sites via the default7 .com domain. This week the default7 .com domain went down, but the attackers returned with a new wave of site infections and the new redirecting domain – test5 .xyz (registered just a few days ago on May 7th, 2016).

This new domain points to the same dedicated server as default7 .com – 199 .48 .227 .25 (United States Carlsbad Plankton Tech Inc) and it still redirects eligible visitors to malicious sites and the rest to a parked test0 .com domain.

The visitor is redirected to a fake Adobe Flash update site, and asked to download an update for Flash.  This installs malware on the victim’s computer.  This update site is also filled with fake advertising – malvertising.  This attack remains undetected by many malware and antivirus programs!

fake-flash-update

DO NOT install Flash updates unless you are sure that they are from Adobe! This fake one has the Flash logo, as well.

This attack commonly uses stolen WordPress credentials to log into admin interface and use the theme editor to inject malware into theme files in WordPress sites, thus replicating the attack to other sites.

Your WordPress website should have the latest website security and anti-malware protection

Contact us for website security protection, and for identity theft prevention and protection.