Malware in MailPoet Plug-in Attacks Thousands of WordPress Sites

MailPoet-WordCamp-logo

What happened?

On July 1, online security company Sucuri revealed a possible WordPress vulnerability on their blog. They confirmed the attack on July 23.

This security lapse allowed hackers to upload “malicious” custom themes remotely through MailPoet – a popular newsletter plug-in that has over 1.7 million downloads. The plug-in allowed the perpetrators to gain full control of a user’s website to host phising scams and distribute malware. Sucuri believes the bug can also overwrite files, making them hard to recover if not backed up. Continue reading

Major Internet Explorer Security Flaw Found

You may have already heard about this in the media, but a serious flaw has been discovered in all versions of Internet Explorer since version 6 up through the most current version 11.  The flaw allows a malicious site to send a Web page that could compromise your computer and give full access of your information to an external party. Microsoft is unlikely to issue a Windows XP fix for this bug due to its recent end of support for that platform. Therefore, Internet Explorer will remain compromised on this platform indefinitely. As always, use extreme caution when surfing the Web and only visit sites that you know and trust. To best protect your information and computer, it is strongly recommended that you use an alternate browser such as FireFox or Chrome  until the Internet Explorer flaw is resolved and an official patch is provided by Microsoft.

For more details about the Internet Explorer bug, read here.

Files On Lockdown

Aware of malware? What about sites preying on victims? Hopefully you are up to date on the latest news concerning the malware/ransomware Cryptolocker.  This is a devastating malware delivered through email via a .zip file.  Once you open the .zip file, it installs a virus on your computer that locks up all your files.  The virus then puts a message on your screen with a timer.

The message will instruct you where to send a payment to have your files unlocked. If payment is not received within the allotted time, your files will be frozen and lost to you forever. Much to the dismay of the malware criminals, they are losing money to people that have been infected with Cryptolocker and don’t understand what is happening and/or how to pay the ransom fee.  So in the spirit of world-class customer service, according to NBC News, the criminals have launched a website for victims to get information on how and where to pay the ransom. See how a small business came forward to report their experience with this devastating malware. Continue reading

Can You Protect Your Business from CryptoLocker Ransomware?

How can you avoid becoming a victim? There have been numerous news stories about the computer ransomware known as CryptoLocker, which has earned its creators $30 million since its September 2013 release.  Also known as malware, CryptoLocker installs on a computer via an infected link in an email. These emails appear to be from reputable companies with content that encourages the reader to make a quick decision to click on the corrupt link.  Once clicked, the malware loads onto the computer and locks down all the system files. CryptoLocker targets the most common files used in everyday business like Word and Excel.  A message appears asking for $300-$500 to unlock the system, along with a warning indicating any attempt to remove the malware will make the files unrecoverable.

Continue reading