Thousands of WordPress sites sucked into BlackHole
Researchers have discovered a spike in malware infecting thousands of WordPress websites that use a popular image tool.
The attacks came to light after French media outlet, The Poitou-Charentes Journal, began hosting on malicious code on its WordPress site. Avast senior researcher Jan Sirmer found attackers had exploited weak FTP server authentication credentials and a vulnerability in the TimThumb image resizer to upload malicious PHP files to the site.