Monday, November 21, 2011

Wordpress - the new platform for spreading malware

Lately, I've been receiving spam mail from a compromised Hotmail account that sends out links to compromised Wordpress blogs. Or maybe the Wordpress blogs were set up specifically to redirect visitors to phishing sites that are part of a network.

Three things all these spam messages have in common: the location of the redirect HTML file, the message that appears for 4 seconds before you are redirected to the phishing site, and the fact that the redirect lands on a site operated by Russian hackers working with the Chinese.

The web page location contains "/wp-content/plugins/extended-comment-options/". And the message displayed for 4 seconds is:
You are here because one of your friends have invited you.
We try to be helpful for you.
Page loading, please wait....
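The two indicators above (the plugin path in the spam link, and a landing page that shows the lure text for a few seconds before redirecting) are enough to write a simple detector. The script below is an added example, not code from the original post: it flags message bodies whose links contain the reported plugin directory, and classifies a fetched landing page as a redirect stub when it combines the lure text with a timed meta-refresh or JavaScript redirect. The sample mail body, sample pages, and the ".invalid" hostnames are constructed for the example.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Path fragment the post reports in every spam link.
SUSPECT_PATH = "/wp-content/plugins/extended-comment-options/"
# Fragments of the lure text shown for ~4 seconds before the redirect.
LURE_PHRASES = (
    "one of your friends have invited you",
    "page loading, please wait",
)

URL_RE = re.compile(r"""https?://[^\s<>"']+""", re.I)

def suspicious_urls(text):
    """Return URLs in a message body whose path contains the reported plugin directory."""
    return [u for u in URL_RE.findall(text)
            if SUSPECT_PATH in urlparse(u).path.lower()]

class RedirectPageParser(HTMLParser):
    """Collect meta-refresh targets, visible text and script bodies from a landing page."""
    def __init__(self):
        super().__init__()
        self.refresh = []      # (delay_seconds, target_url) from <meta http-equiv="refresh">
        self.text = []         # visible text chunks
        self.scripts = []      # inline <script> bodies
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "meta" and (a.get("http-equiv") or "").lower() == "refresh":
            m = re.match(r"\s*(\d+)\s*;\s*url\s*=\s*(.+)", a.get("content", ""), re.I)
            if m:
                self.refresh.append((int(m.group(1)), m.group(2).strip().strip("'\"")))
        if tag == "script":
            self._in_script = True

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        (self.scripts if self._in_script else self.text).append(data)

# setTimeout(function(){ location.href='...'; }, 4000)  ->  (target, delay_ms)
JS_REDIRECT_RE = re.compile(
    r"setTimeout\s*\(.*?location(?:\.href)?\s*=\s*['\"]([^'\"]+)['\"].*?,\s*(\d+)\s*\)",
    re.S | re.I)

def analyse_landing_page(html):
    """Verdict 'redirect-stub' when lure text and a timed redirect both appear."""
    p = RedirectPageParser()
    p.feed(html)
    visible = " ".join(p.text).lower()
    lure = [ph for ph in LURE_PHRASES if ph in visible]
    redirects = list(p.refresh)
    for m in JS_REDIRECT_RE.finditer(" ".join(p.scripts)):
        redirects.append((int(m.group(2)) // 1000, m.group(1)))
    return {
        "lure_phrases": lure,
        "redirects": redirects,
        "verdict": "redirect-stub" if lure and redirects else "clean",
    }

# Constructed sample input: a spam body and the stub page it links to.
SAMPLE_MAIL = """Hi! check this out
http://blog.example.invalid/wp-content/plugins/extended-comment-options/index.html
regards"""

SAMPLE_PAGE = """<html><head>
<meta http-equiv="refresh" content="4;url=http://shop.example.invalid/">
</head><body>
You are here because one of your friends have invited you.<br>
We try to be helpful for you.<br>
Page loading, please wait....
</body></html>"""

if __name__ == "__main__":
    print("suspect links:", suspicious_urls(SAMPLE_MAIL))
    print("landing page:", analyse_landing_page(SAMPLE_PAGE))
```

In practice you would run `suspicious_urls` over incoming mail at the gateway and `analyse_landing_page` over pages fetched in a sandbox; the redirect target it extracts is the value worth blocking or reporting, since the compromised blog itself is usually just a hop.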

The website you are redirected to is usually hosted in a former Soviet bloc country and controlled by Russian hackers who may or may not work with the Chinese. These sites usually "sell" Viagra and other sex enhancing products. However, all they want is your credit card number. The ones working with the Chinese will direct you to a Chinese site when you click "Add to cart" or "Check out", where your computer will be loaded up with malware.

Since the Chinese bought Yahoo! there have been fewer phishing attacks from compromised Yahoo! email accounts but a big increase in phishing attacks coming from compromised Hotmail accounts. Could Microsoft be the next technology company the Chinese buy? Is there a plot to take over the West by using western technology against it?

First, about three years ago, M.I.T.'s Technology Review had an article that estimated at least 50% of all electronic devices, including computers, PDAs and MP3 players, manufactured in China for western companies had malware embedded in them at the factory. Then Lenovo, a Chinese technology company, bought the personal computer division of IBM. About the same time Yahoo email accounts started being hacked into by Russian hackers working with Chinese secret agents.

Second, Google reported in January 2010 that Chinese hackers had hacked into a number of Gmail accounts belonging to Chinese human rights activists. Phishing attacks from compromised Yahoo accounts increased as well. There were changes on the board of directors at Yahoo. There were also attempts at using Google accounts to launch phishing attacks, but I guess they were unsuccessful.

Third, Yahoo fires Carol Bartz and agrees to be bought by a Chinese company. Since then, phishing attacks start originating from Hotmail. This makes me wonder, are the Chinese trying to take over the world by using phishing attacks? Are they trying to isolate Google? Are they using Chinese made electronic devices to capture our username and password for our online accounts?

Fourth, Facebook recently admits to being used for spamming their members. Since Microsoft owns 10% of both Apple and Facebook, could Microsoft be the next Chinese take-over target? Are all these events related?