Wordfence Weekly August 21 2019 – August 27 2019

A weekly report of noteworthy threat data by the Defiant threat intelligence team.

Notable Vulnerabilities

Name: Bold Page Builder <= 2.3.1 - Unauthenticated Options Update
Description: Unauthenticated attackers can inject XSS payloads via a custom CSS field.
Type: A5 – Broken Access Control
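The entry above names the pattern behind the finding: an options-update endpoint reachable without authentication, whose stored value is later printed into every page as CSS. The following is an added illustration of that class written for this report, not Bold Page Builder's code; the AJAX action names, the `bpb_demo_*` function names and the option key are hypothetical. It shows the weak handler beside a hardened one, and the output side that keeps a stored value from breaking out of the `<style>` block.

```php
<?php
// Added illustration (not the plugin's code): the "unauthenticated options
// update" pattern named in the A5 entry above, and a hardened replacement.
// All bpb_demo_* names, the AJAX actions and the option key are hypothetical.

// --- Weak pattern ---------------------------------------------------------
// Hooked on wp_ajax_nopriv_*, so visitors who are not logged in reach it, and
// the request value is written straight into an option that is later echoed
// into every page as inline CSS. No capability check, no nonce, no sanitizing:
// whatever is stored here ends up in the page (stored XSS).
add_action( 'wp_ajax_nopriv_bpb_demo_save_css', 'bpb_demo_save_css_weak' );
add_action( 'wp_ajax_bpb_demo_save_css',        'bpb_demo_save_css_weak' );
function bpb_demo_save_css_weak() {
    update_option( 'bpb_demo_custom_css', $_POST['custom_css'] );
    wp_send_json_success();
}

// --- Hardened form --------------------------------------------------------
// 1. Registered only for logged-in users (no wp_ajax_nopriv_ hook).
// 2. Requires a capability that only administrators normally hold.
// 3. Requires a nonce bound to this action, so a forged cross-site request fails.
// 4. Strips tags before storing, so the option cannot carry markup.
add_action( 'wp_ajax_bpb_demo_save_css_safe', 'bpb_demo_save_css_hardened' );
function bpb_demo_save_css_hardened() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'insufficient privileges', 403 );
    }
    check_ajax_referer( 'bpb_demo_save_css_safe', 'nonce' );

    $raw = isset( $_POST['custom_css'] ) ? wp_unslash( $_POST['custom_css'] ) : '';
    $css = wp_strip_all_tags( $raw );   // drops <script>, </style> and any other tag
    update_option( 'bpb_demo_custom_css', $css, false );
    wp_send_json_success();
}

// --- Output side ----------------------------------------------------------
// Strip tags again when printing, so a value that reached the option by some
// other route stays inert. esc_html() is deliberately not used here: it would
// turn a child selector such as "div > p" into "div &gt; p" and break the CSS,
// which is the same reason WordPress core strips tags for its own custom CSS.
add_action( 'wp_head', function () {
    $css = get_option( 'bpb_demo_custom_css', '' );
    if ( '' !== $css ) {
        echo "<style>\n" . wp_strip_all_tags( $css ) . "\n</style>\n";
    }
} );
```

The two checks that matter most for the A5 classification are the capability test and the absence of a `wp_ajax_nopriv_` registration; the nonce and tag stripping address the CSRF and stored-XSS consequences that follow once an unauthenticated write exists.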

Most Common New Infections

Malware samples identified on the greatest count of newly infected sites.

| MD5 | Signature | Description | Example File Names |
| --- | --- | --- | --- |
| CEC9A529B43D84F0A0E3624372CD9C51 | Backdoor:PHP/WP-VCD.5409 | Infected core file, triggers execution of another malicious script. | post.php |
| BF226C41D0B4C42458516BDBD5E7F446 | Spam:PHP/oclasinsert.5483 | SEO spam code injector. | wp-tmp.php |
| 75234791B9CA71A16FC8432BE4F6A5D0 | Backdoor:PHP/wp-vcd.5476 | Backdoor associated with SEO spam injections. | wp-vcd.php |
| CBF518A7A6722D9C7A9086E57E062737 | Backdoor:PHP/wp-vcd.5476 | Backdoor associated with SEO spam injections. | wp-vcd.php |
| 71D5C2324F1BDB413CD261EB2867F5DA | Suspicious:PHP/upload.curl.6655 | PHP script which fetches additional malware remotely. | pages.php |

IPs Attacking Most Sites

| Rank | Prev. | IP Address | ASN | Country |
| --- | --- | --- | --- | --- |
| 1 | 1 | 34.66.172.238 | 15169 (Google LLC) | United States (US) |
| 2 | 2 | 167.71.220.178 | 14061 (DigitalOcean, LLC) | Singapore (SG) |
| 3 |  | 84.246.231.100 | 35393 (CTS Computers and Telecommunications Systems SAS) | Spain (ES) |
| 4 |  | 185.81.157.180 | 198375 (Inulogic Sarl) | France (FR) |
| 5 |  | 89.189.179.78 | 34757 (Sibirskie Seti Ltd.) | Russia (RU) |
| 6 |  | 192.99.38.186 | 16276 (OVH SAS) | Canada (CA) |
| 7 |  | 213.128.89.176 | 42926 (Radore Veri Merkezi Hizmetleri A.S.) | Turkey (TR) |
| 8 |  | 217.182.95.250 | 16276 (OVH SAS) | France (FR) |
| 9 |  | 167.99.57.138 | 14061 (DigitalOcean, LLC) | United States (US) |
| 10 |  | 46.101.103.184 | 14061 (DigitalOcean, LLC) | Germany (DE) |

New Tracked Domains

| Domain Name | Date Added | Current Status | Notes |
| --- | --- | --- | --- |
| adelia.chickenkiller.com | 08/21/2019 | Down | MySQL server host used in taking over unfinished WordPress installations. |
| ellcurvth.com | 08/22/2019 | Up | Associated with malicious redirect campaign. |
| humsoolt.net | 08/22/2019 | Up | Associated with malicious redirect campaign. |
| adsnet.work | 08/26/2019 | Up | Associated with malicious redirect campaign. |
