Trojan Threatens Owners of Drupal, WordPress and Joomla Sites

Fox-IT, a security vendor located in the Netherlands, says that cyber crooks are running a blackhat SEO (search engine optimization) operation that threatens website owners using Joomla, Drupal and WordPress with a hidden backdoor Trojan; the backdoor gives the attackers a foothold on the underlying web server, which they use in support of their operations.

The attackers trick website administrators into installing malware-laden pirated plug-ins and themes that are offered for free. According to Fox-IT, the cybercriminals gain control of the server once the malware, nicknamed 'CryptoPHP', has been dropped on it.

Fox-IT warns that CryptoPHP has compromised thousands of websites. The threat is so named because it uses RSA public key cryptography to protect communication with its servers. The main source associated with the spread of the backdoor is nulledstylez.com, but many other websites, such as wp-nulled.com, mightywordpress.com and freemiumscripts.com, deal in illegally copied plugins and themes.

The site flagged each download as virus free, but Fox-IT points out that the versions made available for download differed from the ones that had been verified as virus free by VirusTotal. When the pirated downloads were re-checked, files whose timestamps differed from the rest of the package were found to contain the backdoor concealed in PHP code.


Boston.com among websites attacked by Syrian hacker group

By Trisha Thadani and Kiera Blessing, Globe Correspondents, November 28, 2014

Boston.com and several other news and retail websites could not be accessed for a time Thursday after a third-party service provider used by the sites was hacked.

A group called the Syrian Electronic Army claimed responsibility, according to a statement from the third-party provider, Gigya. The Syrian Electronic Army supports Syrian president Bashar Assad and claims to have hacked dozens of websites, such as CNN, Forbes, UNICEF, and Microsoft.

A post on Gigya’s blog by chief executive Patrick Salyer said the company experienced “sporadic failures” with access to its service starting about 6:45 a.m. Thursday. The issue was largely resolved by 7:40 a.m.

The company said no user data had been compromised.

“To be absolutely clear: Neither Gigya’s platform itself nor any user, administrator, or operational data has been compromised and was never at risk of being compromised,” Salyer said.

When users accessed the affected websites Thanksgiving morning, they were greeted by a pop-up that read, “You’ve been hacked by the Syrian Electronic Army (SEA),” and then were redirected to an image of the group’s logo, according to an article on Boston.com.

Boston.com deputy editor Hilary Sargent said she was not aware of the site previously being affected by such an episode.

The hackers took control of Gigya’s domain name and altered its settings to direct users to another website, Salyer said.

Several affected companies, including Office Depot, the New York Daily News, the Dallas Morning News, and Boston.com confirmed that they had been affected. Others, such as Microsoft, said they were not aware of any problem with their website, despite the Syrian Electronic Army’s claims.

Salyer said Gigya has “the highest levels of security around our service and user data” and that the company has “put additional measures in place to protect against this type of attack in the future.”

In October, the Massachusetts Maritime Academy’s website was hacked by an extremist group three times in two days. Those trying to use the site were redirected to a photo of what appeared to be a soldier’s grave, with Arabic writing beneath the photo.

The academy’s president, Rear Admiral Richard Gurnon, called the hack a “case of mistaken identity,” saying the website could be mistaken for the Naval Academy’s by someone who doesn’t speak English well.

The Maritime Academy’s site was taken offline until the issue was resolved.

The Syrian Electronic Army does not claim to have any affiliation with extremists.

Trisha Thadani can be reached at [email protected]. Kiera Blessing can be reached at [email protected].


Popular CMS WordPress, Joomla and Drupal threatened by CryptoPHP backdoor

A large proportion of websites are built on a CMS rather than raw HTML. Three of the most common are WordPress, Joomla and Drupal, and security researchers at Fox-IT warn that site administrators are at risk of being socially engineered into installing the CryptoPHP backdoor on their server.

Distributed through pirated themes and plugins, CryptoPHP's spread is thanks to the light-fingeredness of site admins. It was first detected in 2013 and is still actively spreading. The capabilities of the "well developed" backdoor include remote control of an infected server and blackhat SEO -- a form of illegal search engine optimization.

Fox-IT warns that thousands of websites have been compromised by CryptoPHP. The threat is so named because it uses RSA public key cryptography to protect communication with its servers. The main source associated with the spread of the backdoor is nulledstylez.com, but numerous other sites dealing in pirated plugins and themes are involved -- including freemiumscripts.com, wp-nulled.com and mightywordpress.com.

Each of the downloads was flagged by the site providing it as being clean of viruses, but Fox-IT points out that the versions made available for download differed from the ones that had been verified as clean by VirusTotal. Upon examining the contents of the pirated downloads, files with different timestamps from the rest were found to include the backdoor hidden in PHP code.

While there is little to stop CryptoPHP infecting other CMSs, WordPress, Joomla and Drupal are the main targets due to their popularity. The backdoor installation varies from platform to platform, but in the case of WordPress an extra administrator account is added so that access can be maintained even if the backdoor itself is removed.

Tracing the activity of CryptoPHP seems to lead back to an IP address in Moldova -- specifically in Chisinau. Control centers have been identified in the US, Poland, Germany and the Netherlands, and Fox-IT has produced a white paper that details how to detect the presence of the backdoor.
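The two indicators the articles above report, a PHP file whose timestamp does not match the rest of its package and an administrator account the site owner did not create, can each be turned into a simple check a site admin can run before installing a download or while auditing a site. The following Python is an added example written for this page; it is not Fox-IT's detection tooling and not taken from the white paper. The archive contents, file names and the user list are constructed sample data, and the day-level timestamp comparison is an assumed heuristic rather than the exact criterion Fox-IT used.

```python
import io
import zipfile
from collections import Counter

# Constructed sample: a theme archive in which every file carries the same
# packaging day except one PHP file, mirroring the "different timestamp"
# indicator described in the article. Names and dates are invented.
SAMPLE_THEME_FILES = {
    "theme/style.css": (2014, 9, 2, 10, 0, 0),
    "theme/functions.php": (2014, 9, 2, 10, 0, 0),
    "theme/header.php": (2014, 9, 2, 10, 0, 2),
    "theme/footer.php": (2014, 9, 2, 10, 0, 2),
    "theme/assets/logo.png": (2014, 9, 2, 10, 0, 4),
    "theme/inc/extra.php": (2014, 11, 5, 3, 17, 40),  # modified on a different day
}

# Constructed sample user table (login, role) as exported from a site;
# the second administrator was not created by the site owner.
SAMPLE_USERS = [
    ("alice", "administrator"),
    ("bob", "editor"),
    ("wp_update_service", "administrator"),
]


def build_sample_theme_zip(files=SAMPLE_THEME_FILES):
    """Write the constructed file set into an in-memory zip, preserving the
    per-file timestamps so the archive looks like a real download."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, date_time in files.items():
            info = zipfile.ZipInfo(name, date_time=date_time)
            body = b"<?php /* placeholder */ ?>" if name.endswith(".php") else b"x"
            zf.writestr(info, body)
    return buf.getvalue()


def timestamp_outliers(zip_bytes, min_fraction=0.5):
    """Return archive members whose modification day differs from the day
    shared by at least `min_fraction` of the members.

    Assumed heuristic: a legitimately packaged theme or plugin is built in
    one pass, so its files share a packaging day; a file edited later to
    carry injected PHP stands out. If no single day dominates, there is no
    baseline and nothing is flagged."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        members = [zi for zi in zf.infolist() if not zi.is_dir()]
    if not members:
        return []
    days = Counter(zi.date_time[:3] for zi in members)
    common_day, count = days.most_common(1)[0]
    if count < min_fraction * len(members):
        return []
    return sorted(zi.filename for zi in members if zi.date_time[:3] != common_day)


def unexpected_admins(users, expected_admins):
    """Return logins holding the administrator role that are not on the
    owner's allow-list; this is the account-level check for the extra
    administrator the article says the WordPress variant adds."""
    return sorted(
        login for login, role in users
        if role == "administrator" and login not in expected_admins
    )


if __name__ == "__main__":
    print("timestamp outliers:", timestamp_outliers(build_sample_theme_zip()))
    print("unexpected admins:", unexpected_admins(SAMPLE_USERS, {"alice"}))
```

The timestamp check is only a triage aid: a flagged file still has to be read to confirm whether it contains anything beyond what the theme needs, and a clean timestamp does not prove a file is clean. The admin check is the more reliable of the two and is worth running on a schedule, since the article's point is that the extra account survives removal of the backdoor itself.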

Credits: http://betanews.com

Attackers Using Compromised Web Plug-Ins in CryptoPHP Blackhat SEO Campaign

Researchers have discovered a group of attackers who have published a variety of compromised WordPress themes and plug-ins on legitimate-looking sites, tricking developers into downloading and installing them on their own sites. The components then give the attackers remote control of the compromised sites and researchers say the attack may have been ongoing since September 2013.

The incident came to light through an investigation by researchers at Fox-IT in the Netherlands, who discovered it after noticing a compromised Joomla plug-in on a customer’s site. After a little investigation, they discovered that the plug-in had been downloaded from a site that offers a list of pirated themes and plug-ins.


What CIOs Can Learn From the Biggest Data Breaches


A postmortem analysis of some of the biggest recent data breaches offers IT leaders several pieces of advice for staying a step ahead of hackers.

We keep hearing about them in the news. The tallies are astounding: 145 million user accounts compromised here, 40 million credit cards stolen there. What isn't always as clear with the most high-profile data breaches is how they occurred in the first place and what you can do to prevent seeing your organization in a similar headline.

CIO.com tapped several security professionals to summarize the origins of the top five recent data breaches to affect U.S. firms. There are also lessons to learn from AT&T, Community Health Systems, Experian, Michaels, Neiman Marcus, P.F. Chang's and the UPS Store, among many others.
