New Virus Attack - Blogger-Wordpress compromised ?

As I was checking several blogs and websites today, I found that several of them redirected me to either gescansecurity.org or a Bing search page for “freevirusscan”.


Several Blogger and WordPress blogs seem to have been affected. In my case I visited this blog (gosh.. it's a Blogger blog) and this site was redirected to -

http://gescansecurity.org/?affid=318&subid=landing

which first displayed a window almost identical to a standard "My Computer" screen on a Windows PC and looked like the typical type of Windows malware. It alerted me of various viruses/Trojans (downloader.win32.agent etc.) detected on my computer, followed by a prompt to install "System Security Antivirus" and such by clicking "ok". With no option to close the window, and with no other active windows, I clicked cancel to no effect: I got a message that Windows Security Center recommends it as an install, and hence the cycle repeats.

When I got rid of that page and revisited it, the page was gone and I was instead redirected to a Bing search page for the search term “freevirusscan”.


On closer inspection I found out that affected blogs load a script just before the </body> tag with no recognizable pattern (at least for me). Also I monitored my cookies and found that after being redirected to Bing, a cookie is set to prevent the user from being redirected for 20 days.
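A blog owner can check a saved copy of a page for this symptom. The following is an added example, not code from the original post: it lists the scripts sitting directly before </body> and reports external ones whose host is not on an allowlist, plus inline ones for manual review. The sample page, host names and function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

class TailScripts(HTMLParser):
    """Collect the run of <script> elements directly before </body>."""
    def __init__(self):
        super().__init__()
        self.run, self.tail, self.in_script = [], None, False

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.in_script = True
            self.run.append({"src": dict(attrs).get("src"), "body": ""})
        else:
            self.run = []            # any other element breaks the trailing run

    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False
        elif tag == "body" and self.tail is None:
            self.tail = list(self.run)   # snapshot at the first </body>

    def handle_data(self, data):
        if self.in_script:
            self.run[-1]["body"] += data
        elif data.strip():
            self.run = []            # visible text also breaks the run

def suspicious_tail_scripts(html, trusted_hosts):
    """Return (kind, detail) findings for scripts just before </body>."""
    parser = TailScripts()
    parser.feed(html)
    parser.close()
    tail = parser.tail if parser.tail is not None else parser.run
    findings = []
    for script in tail:
        if script["src"]:
            host = (urlparse(script["src"]).hostname or "").lower()
            if host and host not in trusted_hosts:   # relative src = same origin
                findings.append(("external", script["src"]))
        elif script["body"].strip():
            findings.append(("inline", script["body"].strip()[:60]))
    return findings

# Constructed sample page: two expected scripts, then two unexpected ones.
SAMPLE = """<html><body><div id="post">Hello</div>
<script src="/static/theme.js"></script>
<script src="https://widgets.example.com/share.js"></script>
<script src="http://unknown-host.example.net/x.js"></script>
<script>var a = 1;</script>
</body></html>"""

if __name__ == "__main__":
    for kind, detail in suspicious_tail_scripts(SAMPLE, {"widgets.example.com"}):
        print(kind, detail)
```

Comparing the findings against a copy of the template taken before the incident shows which trailing scripts were added.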

Several WordPress blogs also displayed the same vulnerability. On later googling I found a user in an Apple forum reporting the same problem. A new virus attack on WordPress/Blogger? Seems so, as I was running Linux and seemed to have no malware installed on my Linux machine. Tested this on a clean Windows machine, with positive results.

Keep your eyes open folks..


Posted by XERO. ALL RIGHTS RESERVED.


2 comments:

  1. John your post is 60 words long, and they are two articles on the same topic. This article is far more detailed and descriptive than your post, however your post does mention a search string that you can use to identify hacked blogs ( if the whole getting redirected thing wasn't enough ;) that is not in this article which leads me to believe he didn't copy you and you just ended up with some similar sentences.

    Your reply to this article seems to just be advertising for your ad-ridden blog.

  2. I was looking at a blog: Penguin cheats (for a Penguin Books blog) at, & when I tried to open it a message popped up: you have a virus. As I don't use Windows but am working on a Mac, does it mean something?
    these are the details: Email-Worm.Win32.Merond.a
    Virus.Win32.Induc.a fontsub.dll
    Downloader.Win32.Kido.anvcplui.exe
    Downloader.Win32.Kido.ainput.dll
    Trojan.Win32.Agent.azregedit.exe
    and it redirects to : http :// gescansecurity.org
    What do I do?
    Giory
