Posts by preciouscoder

85 posts
  • Has referred 1+ members
  • Has sold $1,000+ on Envato Market
  • Has collected 1+ items on Envato Market
  • Helped protect Envato Market against copyright violations
+2 more
preciouscoder says
85 posts
  • Has referred 1+ members
  • Has sold $1,000+ on Envato Market
  • Has collected 1+ items on Envato Market
  • Helped protect Envato Market against copyright violations
+2 more
preciouscoder says

Security researchers have discovered thousands of backdoored plugins and themes for the popular content management systems (CMS) that could be used by attackers to compromise web servers on a large scale.

The Netherlands-based security firm Fox-IT has published a whitepaper revealing a new Backdoor named “CryptoPHP.” Security researchers have uncovered malicious plugins and themes for WordPress, Joomla and Drupal. However, there is a slight relief for Drupal users, as only themes are found to be infected from CryptoPHP backdoor.

In order to victimize site administrators, miscreants makes use of a simple social engineering trick. They often lured site admins to download pirated versions of commercial CMS plugins and themes for free. Once downloaded, the malicious theme or plugin included backdoor installed on the admins’ server.

“By publishing pirated themes and plug-ins free for anyone to use instead of having to pay for them, the CryptoPHP actor is social-engineering site administrators into installing the included backdoor on their server,” Fox-IT said in its analysis on the attack.
Once installed on a web server, the backdoor can be controlled by cyber criminals using various options such as command and control server (C&C) communication, email communication and manual control as well. Other capabilities of the CryptoPHP backdoor include:
  • Integration into popular content management systems like WordPress, Drupal and Joomla Public key encryption for communication between the compromised server and the command and control (C2) server
  • An extensive infrastructure in terms of C2 domains and IP’s
  • Backup mechanisms in place against C2 domain takedowns in the form of email communication
  • Manual control of the backdoor besides the C2 communication
  • Remote updating of the list of C2 servers
  • Ability to update itself
  • Miscreants are using CryptoPHP backdoor on compromised Web sites and Web servers for illegal Search Engine Optimization (SEO), which is also known as Black Hat SEO, researchers said in its report. It is because the compromised websites link to the websites of the attackers appear higher in search engine results.

    Black hat SEO is a group of techniques and tactics that focus on maximizing search engine results with non-human interaction with the pages, thus violating search engine guidelines. These include keyword stuffing, invisible text, doorway pages, adding unrelated keywords to the page content or page swapping.

    The security company has discovered 16 variants of CryptoPHP Backdoor on thousands of of backdoored plugins and themes as of 12th November 2014. First version of the backdoor was appeared on the 25th of September 2013. The exact number of websites affected by the backdoor is undetermined, but the company estimates that at least a few thousand websites or possibly more are compromised.

85 posts
  • Has referred 1+ members
  • Has sold $1,000+ on Envato Market
  • Has collected 1+ items on Envato Market
  • Helped protect Envato Market against copyright violations
+2 more
preciouscoder says

Care to share why do you think it’s a good idea?

buyers find other items faster with search

85 posts
  • Has referred 1+ members
  • Has sold $1,000+ on Envato Market
  • Has collected 1+ items on Envato Market
  • Helped protect Envato Market against copyright violations
+2 more
preciouscoder says

This can help other authors?

85 posts
  • Has referred 1+ members
  • Has sold $1,000+ on Envato Market
  • Has collected 1+ items on Envato Market
  • Helped protect Envato Market against copyright violations
+2 more
preciouscoder says
85 posts
  • Has referred 1+ members
  • Has sold $1,000+ on Envato Market
  • Has collected 1+ items on Envato Market
  • Helped protect Envato Market against copyright violations
+2 more
preciouscoder says

Please invite me https://dribbble.com/preciouscoder

many thanks :)

85 posts
  • Has referred 1+ members
  • Has sold $1,000+ on Envato Market
  • Has collected 1+ items on Envato Market
  • Helped protect Envato Market against copyright violations
+2 more
preciouscoder says

Lucky author ^^

where is Lucky author badge :D

85 posts
  • Has referred 1+ members
  • Has sold $1,000+ on Envato Market
  • Has collected 1+ items on Envato Market
  • Helped protect Envato Market against copyright violations
+2 more
preciouscoder says

85 posts
  • Has referred 1+ members
  • Has sold $1,000+ on Envato Market
  • Has collected 1+ items on Envato Market
  • Helped protect Envato Market against copyright violations
+2 more
preciouscoder says

85 posts
  • Has referred 1+ members
  • Has sold $1,000+ on Envato Market
  • Has collected 1+ items on Envato Market
  • Helped protect Envato Market against copyright violations
+2 more
preciouscoder says
http://3docean.net/item/peugeot-4007/916408

src=”https://0.s3.envato.com/files/10582878/Peugeot_4007_2007_360.ZIP”

by
by
by
by
by
by