Researchers at M86 Security, formerly 8e6 Technologies, have uncovered a targeted attack campaign against websites using WordPress 3.2.1. The attack uses the Phoenix exploit kit, which was first spotted on the Internet in 2007 and has a long history of causing problems for IT security personnel.
Over 400 websites were compromised in this attack, as reported by Daniel Chechik on the M86 Security blog. The compromising content is not uploaded to the homepage of the website and will not show up when users browse these websites.
Instead, the attackers sent thousands of malicious emails to lure unsuspecting users to the infected pages. It's apparent that the attackers' motivation was to use legitimate websites to bypass URL filtering and reputation-based filtering systems in order to compromise their victims' systems.
More detailed information on the attacks can be found on the M86 Security Labs blog.
M86 Security provides Secure Web Gateway technology that protects users from exactly these types of attacks. It is the only vendor we are currently aware of that has the ability to use non-signature-based methods for detecting attacks by opening up web pages in a virtual environment to see what the code does once it executes.
Based on our present knowledge, all other secure web gateway vendors currently use signature-based detection of malware. Most only use virus and malware signature databases from vendors such as McAfee and Sophos, while a few use zero-day filtering, which still relies on signatures.
The weakness with these techniques is that most exploits do not reuse previously detected code. Furthermore, most exploits that do reuse code also employ code obfuscation, so that the result is not comparable to the original code and is virtually undetectable by signature or zero-day scanning.
M86 Security acquired this technology from Finjan when that company was acquired by M86 in 2010. M86 Security also has industry-leading web filtering and email or messaging security from 8e6 Technologies and Mail Marshal, the two companies that merged to form M86 Security in 2008.