Security company Eset has reported bugs in WordPress. One website was even successfully hacked through the vulnerability, and the attacker managed to insert advertising into the site's code.
According to Eset, a single vulnerability in a theme or plugin is enough to result in damage to the website. The subsequent impact could affect business operations, especially if the website also provides a facility for online financial transactions.
In the example mentioned above, the hacker went on to vandalize the site further because he could access the website's server. The Eset Endpoint Security suite detected a virus on the website when an attempt was made to open it.
The security risk applies not only to business websites but also to individual websites. In some cases, even a website about internet security was at risk of infection. One is zerosecurity.org.
"If you visit zerosecurity.org lately on the computer of an Eset user, the website will immediately be blocked because a potential Trojan is detected," said Eset.
The Trojan or malware that is detected is likely to vary, but the detections come from the same family of malware.
So far, Eset has detected several generic trojans obtained from multiple websites at different times. The generic trojans are:
1. JS/Iframe
2. JS/Kryptik
3. JS/Agent
JS/Agent is a generic group that includes many variants. JS/Kryptik, meanwhile, is malicious code in JavaScript that serves to:
1. Prevent detection by antivirus by generating variants that continually look different but all show the same behavior.
2. Complicate the analysis process, so that deobfuscation, debugging or emulation is required to find the actual behavior of the code.
Finally, JS/Iframe is the detection name for threats in JavaScript that install an element that is usually not visible, known as an IFRAME. The IFRAME is used to transfer the user to an arbitrary URL that has been provided by the offender.
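As an added example (not Eset's detection logic and not code from the original article), the following heuristic audit shows how a site owner could flag the invisible iframes described above in a theme template or rendered page. The names `IframeAudit`, `audit` and `SAMPLE`, the thresholds and the sample markup are assumptions made up for illustration.

```python
import re
from html.parser import HTMLParser

# Inline styles that make an element invisible to the visitor.
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|(?:left|top)\s*:\s*-\d{3,}px", re.I)
# JavaScript that creates an iframe at run time instead of shipping it as markup.
SCRIPTED_IFRAME = re.compile(
    r"createElement\(\s*['\"]iframe['\"]\s*\)|document\.write\([^)]*<iframe", re.I)


class IframeAudit(HTMLParser):
    """Collects (kind, detail) findings; heuristic, so expect false positives."""
    def __init__(self):
        super().__init__()
        self.findings, self._in_script = [], False

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "script":
            self._in_script = True
        elif tag == "iframe":
            # A 0- or 1-pixel frame, or one hidden by CSS, is not meant to be seen.
            tiny = any(a.get(d, "").strip().rstrip("px") in ("0", "1")
                       for d in ("width", "height"))
            if tiny or HIDDEN_STYLE.search(a.get("style", "")):
                self.findings.append(("hidden-iframe", a.get("src", "")))

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script and SCRIPTED_IFRAME.search(data):
            self.findings.append(("scripted-iframe", data.strip()[:60]))


def audit(markup):
    parser = IframeAudit()
    parser.feed(markup)
    parser.close()
    return parser.findings


# Constructed sample page: one ordinary embed, then two suspicious constructs.
SAMPLE = """
<iframe src="https://video.example.invalid/e/1" width="560" height="315"></iframe>
<iframe src="http://ads.example.invalid/in.php" width="1" height="1"></iframe>
<script>var f = document.createElement('iframe'); f.src = u;</script>
"""
```

Calling `audit(SAMPLE)` reports the 1x1 frame and the script-built frame but not the normally sized embed. Obfuscated scripts of the JS/Kryptik kind will not match the plain-text pattern, so a clean result here does not replace an antivirus scan.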
Infection by a virus in the virtual world can happen to anyone, as in the two cases above. Given the prevalence of such threats, the target is not limited to the operating system on computers and communications devices; in particular, there is the threat of cyber attacks that exploit WordPress themes and plugins to find vulnerabilities in WordPress. from: Dtk-inet