CryptoPHP malware targets popular CMSes via free plug-ins

Thousands of free versions of paid themes and plug-ins for Joomla, Drupal and WordPress reportedly contain backdoors. The malware's developers are said to use the CryptoPHP malware for illegal search engine optimization.

The Dutch security company Fox-IT discovered that thousands of plug-ins and themes for the popular content management systems are in circulation with CryptoPHP built in. Sixteen different versions of the malware are said to exist by now. The company estimates that at least a few thousand sites are infected. The developers of CryptoPHP reportedly lure site administrators with illegal versions of add-ons that they would normally have to pay for. The scripts were found on, among others, the Nulledstyles.com and Dailynulled sites with so-called 'nulled scripts'.

A lot of pirated software contains malware, but according to Fox-IT CryptoPHP has a few notable features. The backdoor makes use of the framework and the database of the attacked CMS. The operators of CryptoPHP also use RSA encryption with public keys for the encrypted communication with the command-and-control servers. Of those servers, 45 are said to be online, 18 of them in the Netherlands, and the creators reportedly built in support for manual control in addition to automated communication. CryptoPHP also supports automatic updates and remote code execution, and the malware can inject code into web pages.

The malware is used for so-called blackhat SEO. The backdoor injects links and text that only the web crawlers of search engines detect, in order to obtain a higher place in search results for, for example, a gambling site. A regular visitor to the websites does not see the links.
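A site owner can check for this kind of crawler-only injection by comparing the page as served to a normal browser with the page as served to a search-engine crawler. The following is an added example, not code from Fox-IT or from the article; it assumes the two HTML bodies were already fetched (for instance with a browser and a crawler User-Agent, which is an assumption about how the cloaking is keyed), and the host names and sample pages are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class LinkCollector(HTMLParser):
    """Collects absolute href targets together with their anchor text."""

    def __init__(self, base_url):
        super().__init__(convert_charrefs=True)
        self.base_url = base_url
        self.links = {}          # absolute URL -> anchor text
        self._current = None     # href of the <a> element currently open

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            href = dict(attrs).get("href")
            if href:
                self._current = urljoin(self.base_url, href)
                self.links.setdefault(self._current, "")

    def handle_data(self, data):
        if self._current:
            self.links[self._current] += data.strip()

    def handle_endtag(self, tag):
        if tag == "a":
            self._current = None


def extract_links(html, base_url):
    parser = LinkCollector(base_url)
    parser.feed(html)
    parser.close()
    return parser.links


def crawler_only_links(visitor_html, crawler_html, base_url):
    """Return external links present only in the crawler's copy of the page."""
    site = urlsplit(base_url).hostname
    seen_by_visitor = extract_links(visitor_html, base_url)
    return {
        url: text
        for url, text in extract_links(crawler_html, base_url).items()
        if url not in seen_by_visitor and urlsplit(url).hostname != site
    }


# Constructed sample: the same page as served to a browser and to a crawler.
VISITOR = '<p>News</p><a href="/about">About</a>'
CRAWLER = VISITOR + '<a href="http://casino.example/play">best online casino</a>'
```

An empty result does not prove a site is clean, since the injection may be keyed on something other than the User-Agent header.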
