3500 websites infected, including WordPress
Symantec Security has identified a common JavaScript that
has infected over 3500 websites globally. Symantec has discovered that there is
a pattern in these codes. They are of similar nature and have infected websites
around the world. It is stated by Symantec that the codes are not harmful and
do not hamper the performance of these websites. However, these codes are
designed to collect the personal information of the visitors of the website
such as their IP addresses, language settings, URL details and even the version
of Java these users have installed on their computers.
Almost 3 quarters of the websites infected are based in the
United States followed by several other countries such as India, the United
Kingdom, Australia, Japan, Italy, Canada, France, Brazil and Russia. Although
innocuous in nature, the very that the attack has been able to infect so many
websites across the continents show the level of vulnerabilities these website
The attackers, it seems have used an automated script to
scan for vulnerabilities in these websites and when these were discovered, they
injected the malicious codes at the top of the website codes. Such automated
scripts help attackers identify bugs in the codes of the website that are easy
to attack and manipulate.
The most shocking aspect of this attack is that it has been
able to infiltrate even WordPress websites. Symantec has stated that the attack
could infect just one “Common Content Management System”. WordPress in the past
has been found vulnerable to such attacks. These vulnerabilities have existed
in the plugins, customised themes and even the core of WordPress. An attack of
this scale can spell doom for WordPress that serves around 25 percent users on
the internet.


Even if the current attack seems harmless and is intended to
gathering data, it could be a reconnaissance for a much larger attack. It can
be used as a platform to gather necessary information about the websites, users
and their usage patterns and then can be used to launch a more serious and
harmful attack. It would not take long for the hackers to replace these codes
with the more malicious ones. It is critical that these security
vulnerabilities are checked immediately.