1. Domingo Rivera
  2. Domingo Rivera Cyber Law
  3. Wednesday, 13 June 2018
This is a post about malware that can be injected into the WordPress CMS, written by attorney Domingo J. Rivera. WordPress is an easy-to-use and very popular content management system (CMS). Currently, it powers the majority of all Internet sites. As such, it is a target of exploitation, and probably not a difficult one to break. We have recently seen yet another WordPress attack. This one is not one of the many that try to perform denial-of-service attacks, steal credentials, or distribute malware. It seemingly was created to profit from someone else's content. The malware gets injected into a website's WordPress theme, into the functions.php file... after also stealing user credentials!
If, after reading this, you think your site was infected, you were a victim of a violation of the Computer Fraud and Abuse Act. There may be civil or criminal remedies available.
We have recovered samples of this malware in the wild. We have also been able to identify the domain names to which the malware transmits the site's credentials. At this time we are not posting those domain names or the Cloudflare servers used for domain resolution (shocking, malware writers using Cloudflare!). Those are available to researchers or law enforcement. Please contact AVM Technology to obtain them.
This particular piece of malware begins with PHP code:

Sucuri has a nice one.  
Any researchers who want the complete code, the domain names involved, the Cloudflare name servers, or any other details may contact Domingo J. Rivera or AVM Technology, LLC.
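An added example, not code from the original article or from AVM Technology: because the injection described above lands in a theme's functions.php, a stored SHA-256 baseline of those files makes any later change visible. The function names and the sample site built in `demo()` are constructed for illustration.

```python
import hashlib
import json
import tempfile
from pathlib import Path


def snapshot(wp_root):
    """Map each theme's functions.php (relative path) to its SHA-256 digest."""
    root = Path(wp_root)
    return {f.relative_to(root).as_posix(): hashlib.sha256(f.read_bytes()).hexdigest()
            for f in root.glob("wp-content/themes/*/functions.php")}


def compare(baseline, current):
    """Return sorted (status, path) findings for any drift from the baseline."""
    findings = []
    for path in sorted(set(baseline) | set(current)):
        old, new = baseline.get(path), current.get(path)
        if old != new:
            status = "added" if old is None else "missing" if new is None else "modified"
            findings.append((status, path))
    return findings


def save_baseline(wp_root, baseline_file):
    """Record hashes from a known-good install."""
    Path(baseline_file).write_text(json.dumps(snapshot(wp_root), indent=2))


def check(wp_root, baseline_file):
    return compare(json.loads(Path(baseline_file).read_text()), snapshot(wp_root))


def demo():
    """Constructed sample site: baseline two themes, then tamper with one."""
    with tempfile.TemporaryDirectory() as tmp:
        site, baseline = Path(tmp) / "site", Path(tmp) / "baseline.json"
        for name in ("alpha", "beta"):
            theme = site / "wp-content" / "themes" / name
            theme.mkdir(parents=True)
            (theme / "functions.php").write_text("<?php // clean theme\n")
        save_baseline(site, baseline)
        tampered = site / "wp-content/themes/beta/functions.php"
        tampered.write_text(tampered.read_text() + "// appended (constructed)\n")
        return check(site, baseline)


if __name__ == "__main__":
    print(demo())
```

Because this malware also steals credentials, keep the baseline file off the web server. A legitimate theme update will also show up as `modified` until the baseline is refreshed.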