by | 10 Oct 2015

WordPress & Joomla sites infected with Adoble Flash Files

Hundreds of websites based on WordPress and Joomla dynamic content systems (CMS) have been attacked for 5 months by a malicious Flash file. The .swf file injects code into the pages of the sites through an iframe. The code then redirects the browser to a malware that is injected into the visitor’s computer. The SWF malware is really difficult to detect. Discover in this article the vector attack of this SWF malware and dedicated  cybersecurity solutions to protect your website.

Anatomy of a Flash malware attack

Adobe Flash is very popular within sites and web applications, whether to embed videos or animations that make browsing more enjoyable. As SWF files are executed through an Adobe Flash Player, if your software version is outdated you are likely to be vulnerable to this malware (Official link to update Adobe Flash Player).

The SWF malware has been detected several months ago on Joomla sites. But in recent weeks, the malware has spread to WordPress sites and is now targeting more than 50% of the CMS users (source: TrendBuildWith). This new generation of malware operate with great discretion, you may already be infected without knowing it.

The Flash malware is systematically injected into this directory /images/banners for Joomla or WordPress, and takes any name with a .swf extension followed by a sequence of random characters. The malware is virtually undetectable, and will surely evolve to target new platforms (Drupal, Magento, PrestaShop …).

Vulnerabilities and Malware detection

If your website is compromised by a malware and performs criminal operations without your knowledge, you are liable. Fortunately, some advanced security systems to prevent and detect malware like this. Are you part of potential compromised websites?

WordPress and Joomla are the most used CMS in the world, and therefore the most studied by hackers looking for vulnerabilities. Not forgetting that 80% of extensions, plugins and themes available for free contain malware. Using a CMS without a viable cybersecurity solution is a real challenge (readthe article: CMS, a prime target for hackers).

OZON is an all-in-one cybersecurity solution that integrates vulnerability assessment and malware detection on any type of website, transactional or not. Depending on the risk level of your site, the protection rules are automatically generated to prevent any sophisticated cyber-attacks. Assess your site risk level for free:

Malware CMS