Forgot your password?
typodupeerror
Google Security IT Technology

Compromised WordPress Blogs Poison Google Image Searches 87

Posted by Soulskill
from the blame-jessica-alba dept.
Orome1 writes "Google Image Search has for some time been littered with images that lure users to compromised sites that serve as doorway pages to other malicious sites. Part of the problem is that these compromised sites often use the WordPress publishing platform, which is infamous for the great number of security bugs that make it such a preferred target. This fact has been proven once again by security researcher Denis Sinegubko, who has pinpointed 4,358 WordPress blogs hijacked by unknown attackers and pumped full of popular search keywords and images, which redirect users to sites that try to scare them into buying a fake AV solution."
This discussion has been archived. No new comments can be posted.

Compromised WordPress Blogs Poison Google Image Searches

Comments Filter:
  • Fake AVs? (Score:4, Funny)

    by Nidi62 (1525137) on Tuesday August 09, 2011 @07:19PM (#37038474)

    pumped full of popular search keywords and images, which redirect users to sites that try to scare them into buying a fake AV solution

    It takes them to McAfee's website?

  • by Anonymous Coward

    I prefer the good old days when poisoned image searches would lure old people (that is, people over 29 years of age) to goatse sites. This would really freak out the older generation and their conservative ways.

    Those were the good old days. Now its all about money -:(

  • by rinoid (451982)

    No data released on the actual WP installations but it does provide GREAT FODDER for haters who gotta hate here on /. whining on about designers, html coders, etc... trying to swing big wood when in fact they too are just a bag of water.

    Anyway.

    I'd like to see data on the WP installations. What versions, what plugins, where any of the very basic security measures taken (strong password, file level permissions, proper .htaccess).

    And then I'd like to learn if they are installations which are manually installed

    • by nstlgc (945418)
      Aren't the measures you mention (password, permissions, .htaccess) exactly the kind of thing that your precious designers and "html coders" (whatever that's supposed to mean) would screw up?
      • by rinoid (451982)

        More haters gotta hate with the belittling speech codes. "precious designers"

        Who the frack said they were precious?
        Why do you suppose they are precious?
        Why do you presume they will automatically screw up?

        I've known people from all stripes of ambition and career to screw up, none inherently more than another.
        I'd go into stories of monumental screw ups specifically regarding networking crew, application programmers, or systems admins I've worked with but to what end?

        Take your bulloney elsewhere.

  • Hey dipshits - the "timthumb.php" thing TFA is talking about isn't part of the wordpress core. All the wordpress bashing is pretty much irrelevant because we're talking about vulnerabilities in third-party software.

    • by plover (150551) *

      For exapmple, many of the hacked sites (not all though) use themes that include a timthumb.php file that is known to have a security hole that allows attackers to upload .php files to a server.

      Emphasis added to make it clear: timthumb is NOT the source of the fail if it's not present on all the infected sites, or at least it's not the ONLY source.

  • True story: my wife found an image when searching for "purple bedroom set" that, when you clicked on it, took you to a Bing search for same. Now that was scary!

  • The only reason I can think of to use a redirect is for login depending on the type. I do know some use it to push a visitor to the new site. But they can click on a link on the page. So is it safe to say in our near future Google will be going after these redirect webpages? Possibly downgrading their usefulness? Just guessing here...correct me if I am wrong.
  • google could add search filters that excludes any site that is known to be poisoned, or maybe even a manual list edit that allows a more knowing person to filter out such sites.

  • So, out of a couple of million or so WordPress sites, more than 4000 are hacked?! It's madness I tell you, madness!

The IBM purchase of ROLM gives new meaning to the term "twisted pair". -- Howard Anderson, "Yankee Group"

Working...