Security company M86 Labs states that the infamous 'Phoenix' attack toolkit was recently found exploiting a vulnerability in WordPress version 3.2.1, V3.co.uk reported on January 31, 2012. Over the past few days, the attack has infected hundreds of websites, the company said.
To get Web surfers to land on the compromised sites, the attacker sent thousands of spam e-mails asking about an unknown invoice and directing recipients to follow a given web link. The link apparently leads to a web page that is part of the hijacked WordPress sites. The sites, which contain an invisible iFrame, look legitimate to anti-spam solutions, while the iFrame itself downloads Phoenix by connecting to a Russia-based Web server.
Landing on the web page, however, puts Web surfers at risk: the site tries to exploit several vulnerabilities in Adobe's Flash and PDF, Microsoft's Internet Explorer, and Oracle's Java. Ultimately, the attack delivers Cridex-B, an information-stealing Trojan.
...