Fake WordPress site releasing backdoored code

November 7, 2008

Don’t mistype “wordpress.org” because you could end up downloading compromised code. Some hackers have set up www.wordpresz.org. The code sends cookie contents to a hacked program hosted on wordpresz.org and could expose passwords and other identifying information.

UPDATE – Looks dead now.

The backdoored pluggable.php file attempts to send the stolen data to wordpresz.org/tuk.php which is still accepting cookies if the requests are properly formatted. The spoof is a nearly perfect combination of social engineering, typosquatting and the natural EstDomains connection as the domain registrar, nearly perfect in the sense that they couldn’t duplicate the whole WordPress.org potentially raising suspicion at the end user’s end.

The site is on the same IP address as a fake pharmacy site, proving that scammers always ring twice.

Tags: ,

Powered by Computer 2000


One Response to “Fake WordPress site releasing backdoored code”

  1. Best russian security electronic bulletin board. Welcome to http://coru.in/
    Cult Of Russian Underground

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: