Posts Tagged: sucuri security


10
Jul 12

Plesk 0Day For Sale As Thousands of Sites Hacked

Hackers in the criminal underground are selling an exploit that extracts the master password needed to control Parallels’ Plesk Panel, a software suite used to remotely administer hosted servers at a large number of Internet hosting firms. The attack comes amid reports from multiple sources indicating a spike in Web site compromises that appear to trace back to  Plesk installations.

A hacker selling access to a Plesk exploit.

A miscreant on one very exclusive cybercrime forum has been selling the ability to hack any site running Plesk Panel version 10.4.4 and earlier. The hacker, a longtime member of the forum who has a history of selling reliable software exploits, has even developed a point-and-click tool that he claims can recover the admin password from a vulnerable Plesk installation, as well as read and write files to the Plesk Panel (see screen shot at right).

The exploit is being sold for $8,000 a pop, and according to the seller the vulnerability it targets remains unpatched. Multiple other members appear to have used it and vouched for its value.

It’s unclear whether this claimed exploit is related to a rash of recent attacks against Plesk installations. Sucuri Malware Labs, a company that tracks mass Web site compromises, told SC Magazine that some 50,000 sites have recently been compromised as part of a sustained malware injection attack, and that a majority of the hacked sites involved Plesk installations.

Continue reading →


9
Apr 10

Hundreds of WordPress Blogs Hit by ‘Networkads.net’ Hack

A large number of bloggers using WordPress are reporting that their sites recently were hacked and are redirecting visitors to a page that tries to install malicious software.

According to multiple postings on the WordPress user forum and other blogs, the attack doesn’t modify or create files, but rather appears to inject a Web address — “networkads.net/grep” — directly into the target site’s database, so that any attempts to access the hacked site redirects the visitor to networkads.net. Worse yet, because of the way the attack is carried out, victim site owners are at least temporarily locked out of accessing their blogs from the WordPress interface.

It’s not clear yet whether the point of compromise is a WordPress vulnerability (users of the latest, patched version appear to be most affected), a malicious WordPress plugin, or if a common service provider may be the culprit. However, nearly every site owner affected so far reports that Network Solutions is their current Web hosting provider.

Network Solutions spokeswoman Susan Wade said the company is investigating the attacks, and that the company believes the problem may be related to a rogue WordPress plugin. Wade added that the attacks weren’t limited to just Network Solutions customers (although the company hasn’t supplied the author with any evidence to support that claim yet).

Continue reading →