The WordPress.com security team is sending warning messages to thousands of WordPress.com users whose accounts were recently compromised. The warning reads: "We recently detected suspicious activity on your WordPress.com account. To protect your identity and keep your site safe, we’ve reset your password."
The message continues: "To reset your password and get access to your account and blog, please visit WordPress.com. Click on “Forgot password?” in the Login toolbar to get started. It is very important that your password be unique because using the same password across different web applications increases the risk of your account being hacked."
A few hours ago I received mail from a reader of 'The Hacker News' saying that his WordPress blog (https://h4ck3r4life.wordpress.com/) had been compromised and that he had received the same WordPress warning by email. When he logged in to his account, he found that the attacker had published an article titled "Im getting paid!" whose body is a single image, shown below. The image hyperlinks to a survey site, http://surveyryphic.com/?=38823. This was a free *.wordpress.com blog.
On further searching I found that his blog is not the only one: more than 15,000 other WordPress users have the same spam article, "Im getting paid!", on their blogs. I used Google to estimate the number of compromised blogs with the dork site:wordpress.com "Im getting paid!", which returned around 15,000 or more blogs carrying the same article, the same image and the same referral link to the fake survey site.
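The Google dork above finds the spam post from the outside; a blog owner can check their own site the same way by scanning the blog's RSS feed for the post signature. The script below is an added example, not code from the original article: it parses a WordPress feed (the /feed/ endpoint of a *.wordpress.com blog), flags any post whose title is "Im getting paid!" or whose body links to one of the three domains named later in the article, and returns the outbound link targets so the referral URL can be recorded. The feed in SAMPLE_FEED is constructed sample data modelled on the compromised blog described above; the post URL and image URL in it are placeholders, not taken from the page.

```python
"""Flag WordPress posts carrying the "Im getting paid!" spam signature.

Added example (not from the original article). Scans a WordPress RSS feed
for the spam post and reports where its hyperlinks point.
"""
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

SPAM_TITLE = "Im getting paid!"
# Domains the article identifies in the referral chain.
KNOWN_SPAM_DOMAINS = {"surveyryphic.com", "directredirection.be", "ecash0pinions.com"}

# Good enough for feed HTML: pull every href="..." target out of the post body.
HREF_RE = re.compile(r'href\s*=\s*["\']([^"\']+)["\']', re.IGNORECASE)

# Constructed sample feed: one spam post (image wrapped in a link to the
# survey site, as the article describes) and one legitimate post.
# Post and image URLs are placeholders.
SAMPLE_FEED = """<rss version="2.0" xmlns:content="http://purl.org/rss/1.0/modules/content/">
<channel>
<title>h4ck3r4life</title>
<item>
<title>Im getting paid!</title>
<link>https://h4ck3r4life.wordpress.com/im-getting-paid/</link>
<content:encoded><![CDATA[<p><a href="http://surveyryphic.com/?=38823"><img src="https://example.invalid/paid.jpg" alt="" /></a></p>]]></content:encoded>
</item>
<item>
<title>Weekend write-up</title>
<link>https://h4ck3r4life.wordpress.com/weekend-writeup/</link>
<content:encoded><![CDATA[<p>Notes from the weekend. See the <a href="https://h4ck3r4life.wordpress.com/about/">about page</a>.</p>]]></content:encoded>
</item>
</channel>
</rss>
"""


def find_spam_posts(feed_xml):
    """Return one dict per suspicious <item> in an RSS 2.0 feed string.

    A post is suspicious if its title equals SPAM_TITLE or if any hyperlink
    in its body points at a domain in KNOWN_SPAM_DOMAINS.
    """
    ns = {"content": "http://purl.org/rss/1.0/modules/content/"}
    root = ET.fromstring(feed_xml)
    hits = []
    for item in root.iter("item"):
        title = (item.findtext("title") or "").strip()
        body = item.findtext("content:encoded", default="", namespaces=ns) or ""
        hrefs = HREF_RE.findall(body)
        link_domains = {urlparse(h).hostname for h in hrefs if urlparse(h).hostname}
        matched = link_domains & KNOWN_SPAM_DOMAINS
        title_match = title == SPAM_TITLE
        if title_match or matched:
            hits.append({
                "post": item.findtext("link"),
                "title": title,
                "title_match": title_match,
                "spam_domains": sorted(matched),
                "outbound": hrefs,
            })
    return hits


def referral_domains(hits):
    """Aggregate outbound link domains across hits, most frequent first.

    Running this over many blogs' feeds shows which referral sites the
    campaign funnels readers to, without visiting any of them.
    """
    counts = {}
    for hit in hits:
        for href in hit["outbound"]:
            host = urlparse(href).hostname
            if host:
                counts[host] = counts.get(host, 0) + 1
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))


if __name__ == "__main__":
    for hit in find_spam_posts(SAMPLE_FEED):
        print(f"{hit['post']}: title_match={hit['title_match']} "
              f"spam_domains={hit['spam_domains']} outbound={hit['outbound']}")
    print(referral_domains(find_spam_posts(SAMPLE_FEED)))
```

To check a live blog, fetch https://<blog>.wordpress.com/feed/ and pass the response body to find_spam_posts; the script itself never contacts the referral domains, so it can be run safely from an analyst workstation.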
I have also marked the date of the post in the screenshot above: it reads "1 DAY AGO" relative to the time I am writing this article. Next, visiting the survey site, there is a signup page for anyone who wants to become rich :P (obviously a greedy lure to attract visitors).
I ignored that and signed up with my own email address; the site then redirected me to another domain, http://directredirection.be/thankyou3.html. Right after signing up I received mail from the spammers reading "You're invited to participate." with a "Claim My Spot" button, and I found that the cybercriminals are using the bulk email campaign service of Getresponse.com, one of the largest email marketing services. I have contacted the Getresponse team and am still waiting for their reply about help in tracking down the hackers.
Back to the chain: after clicking "Claim My Spot" in the email I was taken to another phishy site, http://ecash0pinions.com/main.php?hop=ryph1, which offers lots of "Earn Extra Income From Home" schemes. Its greedy tagline is "Earn money by uploading videos".
So, in this whole referral-spam chain, which started with the hacking of 15,000 WordPress blogs, we found three suspicious domains:
1.) http://surveyryphic.com
2.) http://directredirection.be
3.) http://ecash0pinions.com
After gathering more information, we found that:
1.) The first two domains are hosted on the same IP, 91.217.178.43, and the third is on a different one, 108.179.210.36.
2.) "Rick Thomas" is the person who runs the "ecash0pinions.com" website; personal email: rickthomasvendor@gmail.com, Skype username: rickthomas.vendor.
3.) Another marketing site run by Rick is extremewealthmechanism.com.
4.) Most of his domains are hosted with Russian hosting services.
Maybe Rick is not involved in these hacks; possibly someone else is using his referral program to make a lot of money by directing thousands of sites and their readers to such marketing sites through his referral link.
Source: www.thehackersnews.com