Blackhole Exploit Kit attack on WampServer & Wordpress sites
The Hacker News

Kimberly from Stopmalvertising found Blackhole Exploit Kit on Website of most popular Webserver software site WAMPSERVER. Almost at the bottom of the webpage they notice a Javascript requesting a file from The URL is followed by a long string of parameters. The file returns a 404, it's just there to fool people.

Once the script decoded we obtain an iframe leading to .According to Analyse of Kimberly , If a vulnerable Java, Windows Media Player, Flash or Adobe Reader version is detected, the visitor will be redirected to and from there to According to Norton Safe Web, has been caught in distributing the ZeroAccess rootkit.

Second Recent Attack by Blackhole Exploit discovered in thousands of WordPress websites that use a popular non-updated TimThumb image tool. Avast senior researcher Jan Sirmer found attackers had exploited weak FTP server authentication credentials and a vulnerability in the TimThumb image resizer to upload malicious PHP files to the site. But this is not the only way for example they use stolen passwords to direct FTP changes.In your FTP, alongside other site files, a new file will appear that looks like this: ./wp-content/w3tc/min/a12ed303.925433.js or ./wp-includes/js/l10n.js
The Hacker News

The attack used the BlackHole exploit kit, which redirected the website's visitors to an external malware-hosting site. Researchers detected an additional 3,500 unique infected WordPress sites, which redirected visitors to malicious sites between Aug. 28 to 31. During September , the company blocked redirects from 2,515 WordPress sites, Sirmer said.

In bottom part of code, there is a request to where only one line of code is stored: assa ='Domain with Black Hole exploit kit'. A fix is available for the TimThumb tool.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.