Friday, 16 April 2010
New Virus Attack - Blogger-Wordpress compromised ?
Do you like this story?
As I was checking several blogs and websites today, i found that several of them redirected me to either gescansecurity.org or a bing search page for “freevirusscan” .
Several blogger and wordpress blogs were seemed to have been affected. In my case I visited this blog (gosh..its a blogger blog) and this site was redirected to -
which first displayed a window almost identical to a standard "My computer" screen on a windows pc and looked like the typical type of windows malware. It alerted me of various viruses/Trojans (downloader.win32.agent etc.) detected on my computer, followed by a prompt to install "System Security Antivirus" and such by clicking "ok". With no option to close the window, and with no other active windows, I clicked cancel for no result as I got a message that windows security center recommends it as an install and hence the cycle repeats.
When I got rid of that page and revisited it,the page was gone and instead redirected me to a bing search page for search term “freevirusscan” .
On closer inspection I found out that affected blogs load a script just before the </body> tag with no recognizable pattern (atleast for me). Also I monitored my cookies and found that after being redirected to bing,a cookie is set to prevent the user from being redirected for 20 days.
Several wordpress blogs also displayed the same vulnerability. On later googling I found a user in apple forum about the same problem. A new virus attack on Wordpress/Blogger ? Seems so as I was running Linux and seemed to have no malware installed on my Linux machine. Tested this on a clean windows machine and for positive results.
Keep your eyes open folks..
Like This post ? You can buy me a coffee :)
Posted by XERO. ALL RIGHTS RESERVED.
This post was written by: Rishabh Dangwal
Rishabh Dangwal is a no-nonsense network geek who likes to play retro games and emulators in free time. Follow him on Twitter
0 Responses to “New Virus Attack - Blogger-Wordpress compromised ?”
Post a Comment