BIS News, WordPress

WordPress Security: .rr.nu Malware Mass Site Attacks (and Removal Tool)

WordPress Security: .rr.nu Malware Mass Site Attacks (And Removal Tool)
Posted: April 25, 2012 at 2:23 pm   /   by   /   comments (0)

SECURITY ALERT: .rr.nu Malware

There's a hacking campaign that's been targeting WordPress websites, with thousands of websites recently compromised. It is not yet known where or how they are getting in, and it seems it is also very hard to clean & many users say it just keeps returning..... Many affected users also reported that they are hosted on Dreamhost, but it is not yet sure if that is just a coincidence.

Sucuri (Security website) say it might be due to running out-dated versions of WordPress, and or plugins and themes (but not current WordPress versions). Sucuri has said:

"we can safely rule out any new vulnerability on WordPress itself"

The hackers seem to be infecting many different files, and they leave links pointing to various .rr.nu domains.

 

What To Look Out For

A piece of script containing a link to a URL with a .rr.nu address usually gets added to the footer of the hacked sites (....there are often many other files affected too - read the articles I have provided links to below in order to learn the full extent of the problem). Many users have reported that it is very hard to remove and just seems to return again and again.

 

How To Remove The Infection

There is a free site online scanner from Sucuri (see link below) that you can use to see if your site has been compromised or not (note: this tool will also find any other forms of infections too, so it's useful to use even if you don't have the .rr.nu malware infection).

There is also a free tool for removing any infection (see link below). Naturally it goes without saying that you should always do a backup first before using any sort of removal tool......

 

Links to More information:

 

  • Free tool to remove the .rr.nu  malware: https://github.com/walkeralencar/rrnuVaccine
    (Please Note: this tool was created by another user, and is mentioned within the first Sucuri article I posted above - However, I cannot vouch for it as I haven't personally used it / needed it yet, but the other users say it has worked for them)

 

Hope this helps,

Karen

Share and Enjoy:
  • Print
  • email
  • Add to favorites
  • Facebook
  • Twitter
  • LinkedIn
  • Yahoo! Buzz
  • Google Buzz
  • Google Bookmarks
  • Digg
  • StumbleUpon
  • del.icio.us
  • MisterWong
  • Diigo
  • Reddit
  • NewsVine
  • Tumblr
  • Ping.fm
  • Plurk
  • RSS

What Others On This Site Are Reading:


The following two tabs change content below.
Karen Banting
Karen Banting is the primary author for Business-In-Site.com and writes about a variety of topics, including: Online Business, SEO, Marketing, Software and more....
s2Member®