Fake SEO Plugin Used In Recent WordPress Malware Attacks

Malware masquerading itself as an SEO plugin named WP-Base-SEO has infected around 4,000 WordPress sites in the past 2 weeks, according to internet security experts. The intention of the hackers behind this latest WordPress malware is to hide in plain sight, appearing as legitimate SEO plugin, at the same time creating a backdoor to the targeted website.

“The hackers have stolen the code from an existing, legitimate SEO plugin and tweaked it to appear genuine. That way, should a site owner look for suspicious activity, they might easily overlook it as a valid SEO plugin,” said Weston Henry, a leading security analyst at security firm SiteLock, that found the bogus plugin this week. The fake WP-Base-SEO plugin is a forgery of a legitimate search engine optimisation plugin called WordPress SEO Tools..

A closer examination of the fake WP-Base-SEO malware reveals its malicious intent in the form of a base64 encoded PHP eval request, according to a technical blog that examines the plugin. “Eval is a PHP function that executes arbitrary PHP code. It is commonly used for malicious purposes and php.net recommends against using it,” SiteLock said.

Attacks like this are common place with WordPress installs and the risk that you take should you go down the DIY website builder route. Users happily and without much thought install a range of plugins to enhance the features of their website, whilst at the same time slowing down the already slow system, but that’s a matter for another article and what many users don’t realise is that these plugins can be written by anyone and you are putting your website at risk every time you install one.

People usually choose WordPress installers over bespoke developers because of the cost. Of course it’s a lot cheaper to pay someone to install some software rather than code you a website but if you want to a more professional impression and get your online business noticed then a bespoke website should be the first step.

Unfortunately all web design is not the same and there are far more amateur designer installing third party packages such as WordPress, sometime without the clients knowledge. In the past the cost used to be a dead giveaway but nowadays a package install can cost as much, if not more than professional, bespoke web design.

If you are looking for professional web design in the UK then Key Designs based in Leigh, Greater Manchester are a web design company at the top of their game able to create bespoke websites, custom dashboards, content management systems, bespoke customer relation management systems, invoicing systems and more. We also design PDF brochures, build landing pages and design HTML emails for online marketing campaigns.

Advertisements
Tagged with: , , , , ,
Posted in SEO, Web Design

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: