Author Topic: WordPress hack analysis..  (Read 2532 times)

0 Members and 1 Guest are viewing this topic.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
WordPress hack analysis..
« on: April 25, 2010, 10:49:37 PM »
Hi malware fighters,

In the light of the manifold recent hacks of reputable sites, let us show some light on the malicious use of the "eval" and "write document" commands, not really necessary in malicious scripts, but let us analyse such an attack according to the info via this link:
http://www.sourcesec.com/Lab/wordpress-hacked.html
and
http://www.sitepoint.com/blogs/2005/02/27/eval-is-dead-long-live-eval/

So keep your in-browser protection up with NoScript and RequestPolicy extensions installed inside the Mozilla browser
and do not click these links without being protected by the avast shields,

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!