IXDownload.Com, the Internet’s leading network and computer security resource and news source, launches a new resource page that lists tips and resources that help web users avoid malware/botnet trojans that use old WP installs’ vulnerabilities.
With over 22 million installs, WordPress is the defacto standard for standalone blogging on the Internet. However, according to a 2009 New York Times estimate, a whopping 95 percent of blogs are abandoned shortly after they are created. Applying this figure to WordPress’ self-reported installed base, this reveals a huge dormant base of WordPress installs that no longer get updated. “It appears WordPress’ success is also the cause of many of web visitors’ security headaches”, noted Oliver Thompson of IXDownload.
Malware authors and distributors regularly scan the the Net through targeted searches for older installs to exploit security vulnerabilities in these abandoned, and therefore unpatched, installs. These hackers install malware/trojans which allow them to victimize the visitors of these abandoned blogs. These visitors’ computers are turned into “zombie computers” which constitute a “botnet” used for spamming, denial of service attacks, spreading malware, and other illegal activities.
Just this past April, hackers used an SQL injection or database vulnerability found on WordPress blogs hosted by one of the Internet’s biggest web hosting companies and domain registrars, Network Solutions. Hackers caused the blogs to redirect to a website which then loads a variant of the BUZUS trojan. Shortly after, bloggers that use the shared hosting services of another giant domain registrar and host, GoDaddy, also report similar attacks on their older WordPress installs.
These recent attacks are just the latest examples of the never ending security challenge created by a huge installed base of unsecure and abandoned websites and a decentralized band of profit-driven hackers looking to create a self-perpetuating and self-propagating network to spread malware. “While WordPress is extremely secure when it is upgraded to the latest version, it poses a major network security risk when it is abandoned since the latest patches only apply to the latest version of the script. Older, unpatched versions are ticking time bombs scattered all throughout the Internet”, said Thompson.
IXDownload.Com’s new Blog Malware Protection and Prevention Resource Page combats these threats by listing practical tips and free blog security plugins and other tools. The Resource Page is divided into two sections: resources for owners of wordpress blogs and internet users who read blogs. “These two groups of individuals are indispensable to addressing the problem of malware-spreading abandoned WordPress blogs,” explained Thompson. “The security threat post by abandoned WordPress blogs can’t be fixed unless both sides do their part in addressing the problem.”
Solutions and resources for blog owners focus on best practices to increase their blog’s security such as latest version updates, finding secure plugins, preventing version scanning, comment security, login hacking prevention, and diagnostic scanning. “However, the biggest and most crucial part of the solution to abandoned WP blog-based malware distribution threats are the precautions a responsible blogger should take in the event that the blog owner no longer has the time or motivation to update his or her blog,” said Thompson. The Resource Page outlines best practice steps that bloggers should follow, in coordination with their web hosting services’ technicians, to prevent their blogs becoming malware distribution sites. “Followed properly, the protocol we are suggesting helps protect bloggers against possible future attacks or liability arising from their abandonment of their blogs,” noted Thompson.
IXDownload.Com’s WordPress Blog Malware Protection and Prevention Resource Page also lists best browsing practices Internet users can put into use, so they can anticipate, prevent, and fix WordPress blog-related malware attacks. Among the tips and resources discussed are how to use search engines to skip suspected attack sites, configuring browsers to block attack sites from loading, setting up alternative and backup scanning processes, among other tips. The Resource Page also lists tried and tested malware detection and cleaning applications.
“Information truly is the best anti-botnet weapon available on the Internet,” says Thompson. Armed with the right resources, tools, and policies, responsible bloggers and informed blog visitors can ensure that the threat posed by abandoned WordPress blogs is minimized.
IXDownload.Com is the Internet’s leading software information and resource site focusing on a wide range of security, productivity, and multimedia applications.