CryptoPHP malware hit at least 23,000 sites




At the time of its discovery last week, the CryptoPHP malware had infected more than 23,000 sites, according to the Dutch security company Fox-IT. In the Netherlands, a little more than 1,000 sites are said to be infected.

Fox-IT was able to determine which IP addresses made contact by sinkholing CryptoPHP: the malware no longer connects to the criminals' command-and-control server, but to a server set up by the researchers. In total, 23,693 IP addresses connected to the sinkholes, but that number declined over the past few days to 16,786 on Monday. The actual number of infected sites is higher, because the addresses include shared hosting servers on which at least one infected site connected to the sinkholes. The company worked with Shadowserver and Spamhaus on the analysis of the infection numbers.

Most of the IP addresses are in the United States: 8675. CryptoPHP also appears to be fairly widespread in Germany, with 2877 infections. In the Netherlands, about 1008 IP addresses connected to the sinkhole. CryptoPHP spreads to CMS installations through existing themes and plugins for Joomla, Drupal and WordPress that have been fitted with backdoors and are offered for free on websites. The malware's developers used CryptoPHP for illegal search engine optimization.

The security company has published two Python scripts that site administrators can use to detect the malware, and there is a step-by-step plan for getting rid of CryptoPHP.

