This email is to notify you of a malware campaign targeting WordPress websites, in which the attackers are injecting a highly conditional malicious redirect.
It randomly affects your users, and pushes them to default7 (.)com / test0 (.)com / test246 (.)com domains, in which they then perform a Drive-by-Download attack on the user – targeting vulnerabilities in Flash and Java.
In all cases, the malware injects 10-12 lines of code at the top of the header.php file of the current WordPress theme.
Please take a few minutes to read the following release from security firm Sucuri, and check your WordPress environments.
Don’t forget that I build WordPress blogs here that are hardened against this type of attack.
Filed under: WordPress Security