Wordfence Weekly August 14 2019 – August 20 2019

A weekly report of noteworthy threat data by the Defiant threat intelligence team.

Notable Vulnerabilities

Name: WP SVG Icons <= 3.2.2 - Cross-Site Request Forgery (CSRF) leading to RCE
Description: Attackers can trigger a malicious file upload via CSRF, leading to code execution.
Type: A5 – Broken Access Control
Name: WP Fastest Cache <= - Directory Traversal
Description: Attackers can create blank index.html files in arbitrary locations if Google Translate plugin is also installed. Attackers can read files outside of the intended cache directory on Windows hosts.
Type: A3 – Sensitive Data Exposure

Most Common New Infections

Malware samples identified on the greatest count of newly infected sites.

MD5 Signature Description Example File Names
CEC9A529B43D84F0A0E3624372CD9C51 Backdoor:PHP/WP-VCD.5409 Infected core file, triggers execution of another malicious script. post.php
CBF518A7A6722D9C7A9086E57E062737 Backdoor:PHP/wp-vcd.5476 Backdoor associated with SEO spam injections. wp-vcd.php
BF226C41D0B4C42458516BDBD5E7F446 Spam:PHP/oclasinsert.5483 SEO spam code injector. wp-tmp.php
380FA777B8C37FB60811E5972391261B Suspicious:PHP/evalB64.4068 WebShellOrb PHP webshell. wp-update.php, ob.php, aw.php, and others.
3F60851C9F7E37C0D8817101D2212C68 Suspicious:PHP/evalB64.4068 Obfuscated PHP backdoor. number.php, hour.php, country.php, and others.

IPs Attacking Most Sites

Rank Prev. IP Address ASN Country
1 15169 (Google LLC) United States US
2 7 14061 (DigitalOcean, LLC) Singapore SG
3 16276 (OVH SAS) United Kingdom GB
4 14061 (DigitalOcean, LLC) United States US
5 14061 (DigitalOcean, LLC) United States US
6 16276 (OVH SAS) France FR
7 16276 (OVH SAS) France FR
8 16276 (OVH SAS) Poland PL
9 31034 (Aruba S.p.A.) Italy IT
10 16276 (OVH SAS) France FR

New Tracked Domains

Domain Name Date Added Current Status Notes
go.activeandbanflip.com 08/19/2019 Up Associated with malvertising campaign.

Subscribe To The Wordfence Weekly

Did you enjoy this post? Share it!

Recent Issues