Breaking News: Reader’s Digest and other WordPress sites are compromised

A large num­ber of Inter­net users have been infect­ed via the Angler exploit kit, after vis­it­ing com­pro­mised sites in the past week. The hack­ing cam­paign has been pushed from many Word­Press sites, most notably that of Read­er’s Digest — the pop­u­lar, month­ly fam­i­ly mag­a­zine.

Accord­ing to secu­ri­ty blog, Mal­ware­bytes, the attack con­sists of com­pro­mised Word­Press sites inject­ed with mali­cious script that launch­es anoth­er URL whose final pur­pose is to load the Angler exploit kit. Own­ers of attacked Word­Press sites should remem­ber that although the inject­ed scripts and URL’s fol­low the same pat­tern, they vary over time.

In the ini­tial inves­ti­ga­tion by Mal­ware­byte, it was found that the Necurs back­door tro­jan is loaded on the com­put­er of vis­i­tors to the infect­ed sites, deliv­ered by the Bedep tro­jan via the uploaded Angler Exploiter Kit. If you have vis­it­ed Read­er’s Digest or any oth­er com­pro­mised site, run a secu­ri­ty scan on your com­put­er.

But if you are one of the infect­ed sites, then don’t hes­i­tate in con­tact­ing us. It is our spe­cial­ty to clean up all mal­ware and hack­er attacks on Word­Press sites. We have a high­ly expe­ri­enced team who have seen all kinds of virus­es and mal­ware, and effec­tive­ly dealt with them.

In an email to SCMagazine on Tues­day, Read­er’s Digest spokesper­son Pauli Cohen said, “We became aware of the mal­ware attack last week and have been work­ing with our secu­ri­ty provider, tech­nol­o­gy part­ners and plat­form provider to inves­ti­gate the issue and per­form exten­sive secu­ri­ty checks on our web­site. At this point, we are address­ing all known vul­ner­a­bil­i­ties of the site. We take secu­ri­ty very seri­ous­ly and are tak­ing every step to ensure the integri­ty of our site.”

Although it is our spe­cial­ty to help restore secu­ri­ty to hacked Word­Press sites, we believe it is always impor­tant to guard your­self against an attack in the first place. Get­ting your site back up and run­ning is no prob­lem for us. How­ev­er once you’ve real­ized that your site has been hacked, then give us a call at +1 (650) 600‑1970 as soon as pos­si­ble to mit­i­gate the dam­age.