Comments on: Vulnerable WordPress Leads to Security Blog Infection http://www.welivesecurity.com/2012/03/27/vulnerable-wordpress-leads-to-security-blog-infection/ News, Views, and Insight from the ESET Security Community Mon, 03 Feb 2014 08:49:00 +0000 hourly 1 http://wordpress.org/?v=3.7 By: Robert Lipovsky http://www.welivesecurity.com/2012/03/27/vulnerable-wordpress-leads-to-security-blog-infection/#comment-755 Thu, 19 Jul 2012 14:12:52 +0000 http://blog.eset.com/?p=12318#comment-755 Hello Sean,
Thanks for your comment, I looked at your blog post and the linked archive, it's an interesting technique. We have added detection for the exploit, it's now detected as PHP/Agent.AW.
As for your question where's the best place for this message (at least regarding our ESET communication channels) – I'd say the comment about your WordPress exploit experience landed well here in the blog. Otherwise, the appropriate place to submit samples to our lab is to send them to samples@eset.sk

]]>
By: Sean http://www.welivesecurity.com/2012/03/27/vulnerable-wordpress-leads-to-security-blog-infection/#comment-754 Wed, 18 Jul 2012 13:18:43 +0000 http://blog.eset.com/?p=12318#comment-754 Sorry for the off-topic, but where's the best place to post a "I think I've experienced a new WordPress exploit" message? Usually I can find lots of articles by people who have noticed this stuff before I do, but Google returns only one hit – my article – for the search ".tmpbz". I posted a comment on the WordPress forums, but they look a bit quiet.
According to the list of similarly-exploited sites I found (added to the article at foot), I'm far from being the only one who's experienced it. The ".tmpbz" pseudo filesystem thing looks interesting too – so why can I find nothing about it?

]]>
By: Robert Lipovsky http://www.welivesecurity.com/2012/03/27/vulnerable-wordpress-leads-to-security-blog-infection/#comment-753 Wed, 04 Apr 2012 14:52:43 +0000 http://blog.eset.com/?p=12318#comment-753 @sravan: My guess would be that it's not Blackhole, as Blackhole typically uses PHP scripts, not CGI.
@Janus: Glad you like it.

]]>
By: Janus http://www.welivesecurity.com/2012/03/27/vulnerable-wordpress-leads-to-security-blog-infection/#comment-752 Sat, 31 Mar 2012 09:10:45 +0000 http://blog.eset.com/?p=12318#comment-752 As a avage user this blog gives me a good understanding for how easy it is to get infected,visiting well respected websites that you normally would consider to be "safe".   And the blog remind me also about, that besides a good strong antivirus solution like Eset provides, you need a good solid and complete backup of your system, so you can restore to any given point, anytime.
Thanks to Robert, thumbs up. :-)
 
 

]]>
By: sravan http://www.welivesecurity.com/2012/03/27/vulnerable-wordpress-leads-to-security-blog-infection/#comment-751 Fri, 30 Mar 2012 06:10:00 +0000 http://blog.eset.com/?p=12318#comment-751  JavaScript present in images looks like they are related to Blackole Exploit

]]>