Heimdal Security reported an increase in malicious scripts being placed into legitimate websites that then redirect the victim to the Neutrino Exploit Kit in an attack that could potentially impact more than 400 million web users.
The attack works by targeting websites, primarily built on WordPress, which run on an outdated content management systems (CMS) or use old plugins, according to a blog post by Andra Zaharia, a Heimdal marketing specialist. The end result is the installation of the TeslaCrypt ransomware that can encrypt a wide variety of file extensions.
Heimdal said 58.7 percent of the world’s 1 billion websites use WordPress and over 20 percent of WordPress-based sites use an outdated CMS potentially opening 142 million sites to being compromised.
“We have already spotted 24 websites in Denmark which deliver the payload via the malicious script injection, and payloads are rotated constantly,” said Zaharia.