23,000 web servers infected with CryptoPHP backdoor

Discussion in 'other security issues & news' started by hawki, Nov 28, 2014.

Thread Status:
Not open for further replies.
  1. hawki

    hawki Registered Member

    Dec 17, 2008
    DC Metro Area
    28 November 2014

    More than 23,000 web servers were infected with a backdoor called CryptoPHP that’s bundled with pirated themes and plug-ins for popular content management systems.

    CryptoPHP is a malicious script that provides remote attackers with the ability to execute rogue code on web servers and to inject malicious content into web sites that are hosted on them.

    According to Dutch security firm Fox-IT, which published a report about the threat last week, the backdoor is used primarily for black hat search engine optimisation (BHSEO), an operation that involves injecting rogue keywords and pages into compromised sites to hijack their search engine rankings and push malicious content higher up in search results.

    Unlike most web site backdoors, CryptoPHP is not installed by exploiting vulnerabilities. Instead attackers distribute pirated versions of commercial plug-ins and themes for Joomla, WordPress and Drupal through several sites and wait for webmasters to download and install them on their own web sites. Those pirated plug-ins and themes have the CryptoPHP backdoor embedded into them........................."

  2. Minimalist

    Minimalist Registered Member

    Jan 6, 2014