In March, the malware creators changed the way they wanted the Flashback exploit to spread, moving it from a Trojan horse that enticed users to click on it by masquerading as an Adobe update to a drive-by attack that infected the systems of users who clicked on compromised or malicious Websites, according to Alexander Gostev, head of the global research and analysis team at Kaspersky.
In a post on Kaspersky’s SecureList blog, Gostev said that sometime around the end of February and the beginning of March, “tens of thousands of sites powered by WordPress were compromised. How this happened is unclear. The main theories are that bloggers were using a vulnerable version of WordPress or they had installed the ToolsPack plug-in.”
Mac Flashback infections started at hijacked WordPress sites
Posted on Monday, April 23 2012 @ 15:52 CEST by Thomas De Maesschalck