Elda Tan Seng and Francis Allan Tan Seng
In 2011, WordPress powered one in five new websites created in the USA, and Joomla has been downloaded 27 million times and counting. Given the popularity of these platforms, it is not surprising that they have become targets for malware campaigns. Recently we have seen a rise in legitimate WordPress and Joomla sites that have been compromised and manipulated to play a part in spreading malicious software. These sites typically either redirect visitors to other malicious sites or host the malicious content themselves, for example landing pages of the Blackhole exploit kit.
This presentation investigates how malware is delivered through legitimate websites built on the PHP-based open source content management systems (CMS) WordPress and Joomla. We will describe the different attacks seen against these platforms, and we will discuss vulnerabilities in popular plugins used on them, such as TimThumb and 1 Flash Gallery. We will look at how these vulnerabilities were exploited and at the different payloads that were delivered. Lastly, the presentation will cover how to harden websites that run on these platforms.