Outdated websites deliver TeslaCrypt via Neutrino Exploit Kit: Heimdal

Heimdal Security reported an increase in malicious scripts being placed into legitimate websites that then redirect the victim to the Neutrino Exploit Kit in an attack that could potentially impact more than 400 million web users.

The attack works by targeting websites, primarily built on WordPress, which run on an outdated content management system (CMS) or use old plugins, according to a blog post by Andra Zaharia, a Heimdal marketing specialist. The end result is the installation of the TeslaCrypt ransomware, which can encrypt a wide variety of file extensions.

Heimdal said 58.7 percent of the world's 1 billion websites use WordPress and over 20 percent of WordPress-based sites use an outdated CMS, potentially opening 142 million sites to being compromised.

“We have already spotted 24 websites in Denmark which deliver the payload via the malicious script injection, and payloads are rotated constantly,” said Zaharia.
