Be careful on surfing.

http://www.bgr.com/2012/04/23/security-firm-identifies-origins-of-flashback-mac-virus/
On the news lately has been how WordPress blogs have been used to infect Macs.  On the wordpress side of the blog site (http://blogs.msmvps.com) we had an interesting event the other day.


We started getting reports from bloggers and readers that Eset,MSE and other virus engines kept alerting of a malicious javascript on the site.


Did multiple scans, did a Windows Online forensic analysis and found no malicious code actually “on” the box.  What I did find was that it appeared that plug ins on the site appeared to be calling javascripts.  It even appeared that possible googleapis were involved.  We rebuilt the WordPress side, leaving off all googleanalytics plug ins.  And making sure that all timthumbs on the site were updated.  Several themes from paid sites I downloaded still had vulnerable timthumb files in there.


But bottom line I’m not feeling warm and fuzzy.  I put in a url blocker to block any .class urls called into the blog to ensure that if there’s any plug ins had any malcious javascript they would be blocked.  But the site had the latest wordpress.  Bottom line, I’m not feeling warm and fuzzy that one can really secure a wordpress site.  So be careful when surfing… EVEN on this web site.

2 Thoughts on “Be careful on surfing.

  1. Joe Raby on May 1, 2012 at 10:52 am said:

    Ad companies don’t exactly care about a lot of the ads that circulate through their network so long as the buyer still pays their bill. This is one of the reasons why I’m looking for Windows 8′s Metro IE10 to put a good big nail in the coffin of Java and Flash.

    Javascript exploits are still a concern, but this is also another reason for ad networks to prevent scriptability in their ads, which I’ve always been an advocate for. It’s funny because sites like icanhascheezburger.com (which Microsoft likes to tout as being a web development partner with its various technologies) calls IE the worst browser on the Internet, and yet it blocks ICHC’s cross-site scripting flaws in Javascript, and the tracking protection kills most of their ads. Cheezburger has also had a record of having numerous malware ads on their various sites too, but their response is “use a real web browser”.

    What’s also funny is that after Microsoft drops their Windows Live Spaces platform and choosing WordPress as their blog partner, WordPress is used to infect Mac’s. Conspiracy theorists, this is the story for you!

  2. SeanPT on May 1, 2012 at 5:34 pm said:

    I try to minimize the plugins I use on WordPress sites so that I can minimize exposure to malware. I also try to use plugins from developers with a good history of WordPress development. Finally, it is also worthwhile to give the code a once over on simple plugins to check for anything blatantly nefarious.

    I take the same approach with themes and frameworks as well.

    Finally, I delete any unused themes and I delete any unused plugins to minimize exposure.

    http://codex.wordpress.org/Hardening_WordPress has some more tips.

    Generally speaking, the wordpress core is very strong. But vulnerabilities quickly come to the addons and the platforms it is hosted on. It kind of reminds me a lot of SBS. Easy to setup, by default pretty darn secure, by so easy to messup as well.

Post Navigation