Websense: Injections Hit WordPress Sites

(Ping! Zine Web Hosting Magazine) – If you’re using popular blogging platform WordPress to maintain your site(s), be on the lookout. On Monday, online security firm Websense reported on nearly 200 thousand websites that had been hit by a hacking injection that causes users to receive a Trojan virus.

A high majority of those sites relied on WordPress. It’s an issue the company said it had been following for months now. According to the report, the injection worked by presenting itself as code in users’ web platforms. The injection would then redirect users to a fake virus scan which would thus give them a Trojan. Not good, right?

Describing the scam injection, Websense stated, “The page looks like a Windows Explorer window with a “Windows Security Alert” dialogue box in it.  The fake scanning process looks like a normal Windows application, however, it is only a pop-up window within the browser.”

In addition to reporting on the injection, the security company also tracked which countries were most affected by the issue. Seemingly, more than 85% happened to originate in the United States.

Today WordPress represents one of the most popular blogging platforms on the web, commonly used by top companies to operate their web presences. It’s also a common target of spammers and hackers. In June, an unauthorized intruder modified coding for top WordPress plugins including WPTouch and W3 Total Cache, leading WordPress.org to ask users to change passwords.

As a company, Websense’s solutions pertain to email protection, cloud, data loss prevention, web security and more. In February, the company revealed that for the fourth time, intelligence firm IDC had named it number one for web security. To view Websense’s report regarding the injections, go here (community.websense.com).