Several WordPress-based websites, including the Reader’s Digest site, have been on the receiving end of a another hacking campaign, this one injecting the sites with malware that has uses Angler exploit kit upload various trojans.
Malwarebytes is reporting an increase in the number of compromised WordPress sites with the Reader’s Digest, www.rd.com, being one of the most high-profile victims. In the latest cases the malicious script is uploaded through a compromised web page that redirects visitors to a URL that then uploads the Angler EK. Malwarebytes said during the course of its investigation it witnessed the Angler EK delivering the Bedep trojan which, in turn, loaded the Necurs backdoor trojan onto the visitor’s computer.
Malwarebytes did note that the payload being delivered varied from site to site and even day to day.
The Angler EK exploits up to Flash Player version 188.8.131.52,which was patched by Adobe on October 16.
This is the second time in a week that sites using WordPress were in the news playing the role of victim in an attack. Those incidents reported last week targeted the U.K. newspaper The Independent.
Reader’s Digest, which is part of the Trusted Media Brands portfolio, was notified of the problem by Malwarebytes, but the company said the publisher has not taken any action and that www.rd.com is still delivering malware.
Reader’s Digest spokesperson Pauli Cohen told SCMagazine.com in an email Tuesday, “We became aware of the malware attack last week and have been working with our security provider, technology partners and platform provider to investigate the issue and perform extensive security checks on our website. At this point, we are addressing all known vulnerabilities of the site. We take security very seriously and are taking every step to ensure the integrity of our site.”