Outdated WordPress used in pharmaceutical spam campaigns


A couple of days ago, the Symantec blog reported that within a few hours they had detected thousands of sites compromised and used in pharmaceutical spam campaigns. Although they did not determine exactly which vulnerability was being exploited, all the sites have something in common: they use outdated versions of WordPress.

Attackers create an .html page that automatically redirects to the fraudulent site, and this is propagated through spam emails, usually sent from compromised accounts or infected computers. Just today one of those messages came to me; at first glance you can see that it is spam, but when it comes from a contact many people click on it, and minutes later they end up buying cheap viagra on a fraudulent site:

These kinds of fake emails are already a classic, to the point that Hotmail recently added a new option that allows us to report that a friend's account is compromised.

With some simple Google searches it is also possible to find many compromised sites. For example, in the following screenshot you can see the results that contain the words buy viagra and a typical WordPress URL:

By clicking on some of the results you can see things like this:

This particular site uses an outdated version of WordPress; this can easily be seen by looking at the source code of the page. The most recent version of the platform is 3.2.1:

The site can also get infected in many other ways (outdated plugins, compromised FTP, poorly configured permissions, etc.), but an old version of WP is always a good candidate for attacks.

That is why it is always important to keep everything updated, whether it is a blog, a forum or any other type of online platform. In the end, they are programs running on a server and can have vulnerabilities like any other.
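As an added example (not code from the original post or from Symantec), a site owner can run the two checks described above against pages from their own site: read the WordPress version from the `generator` meta tag in the page source, and flag .html pages whose meta refresh sends visitors to another host. The host names and sample pages are constructed, and 3.2.1 is the latest version named in this post.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

LATEST = (3, 2, 1)  # most recent WordPress release named in the article


class PageAudit(HTMLParser):
    """Collects the WordPress generator version and any meta-refresh target."""
    def __init__(self):
        super().__init__()
        self.wp_version = None
        self.refresh_url = None

    def handle_starttag(self, tag, attrs):
        if tag != "meta":
            return
        a = {k.lower(): (v or "") for k, v in attrs}
        content = a.get("content", "")
        if a.get("name", "").lower() == "generator":
            m = re.match(r"WordPress\s+(\d+(?:\.\d+)*)", content, re.I)
            if m:
                self.wp_version = tuple(int(p) for p in m.group(1).split("."))
        elif a.get("http-equiv", "").lower() == "refresh":
            m = re.search(r"url\s*=\s*['\"]?([^'\";\s]+)", content, re.I)
            if m:
                self.refresh_url = m.group(1)


def audit(html, own_host):
    """Return a list of findings for one page served from own_host."""
    p = PageAudit()
    p.feed(html)
    findings = []
    if p.wp_version is not None and p.wp_version < LATEST:
        findings.append("outdated-wordpress")
    if p.refresh_url:
        host = urlparse(p.refresh_url).hostname  # None for relative URLs
        if host and host != own_host.lower():
            findings.append("offsite-redirect")
    return findings


# Constructed sample pages (not taken from any real site).
BLOG_HOME = '<html><head><meta name="generator" content="WordPress 3.0.4" /></head></html>'
DROPPED_PAGE = '<html><head><meta http-equiv="refresh" content="0; url=http://pills.example/"></head></html>'

if __name__ == "__main__":
    for page in (BLOG_HOME, DROPPED_PAGE):
        print(audit(page, "blog.example"))
```

A missing `generator` tag proves nothing, since themes and plugins can remove it, so compare the result with the version shown in the WordPress dashboard.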