TOKYO (MacHouse) – www.cat-n-scratch.com, blog.alviselledge.com, blog.soar.hk, www.scwaterpolo.us and d-pi.com… We never heard of these websites till some 30 minutes ago. So what are common characteristics among these websites? They are all WordPress blog websites. Okay… Then? Also, they are all hacked. A spam terrorist group hacked these websites to forward Internet users to suspicious web contents. To our knowledge, spam terrorist groups started circulating spam comments using different IP addresses including 201.24.78.66, 217.94.172.231 and 70.166.109.14 a few days ago to forward Internet users to hacked WordPress websites. It is possible that this hack & spam practice has been going on for the past 45 days, during which we didn’t subscribe to spam comments.
 Screenshot 01- Source: cat-n-scratch.com |
 Screenshot 02- Source: alviselledge.com |
 Screenshot 03- Source: soar.hk |
Screenshot 05 shows odd aspects. You can see a database error on the side bar. It is possible that these hacks are done by a technique called SQL injection. On the other hand, all the hacked websites have a folder titled 1 under wp-content folder.
 Screenshot 04- Source: scwaterpolo.us |
 Screenshot 05- Source: d-pi.com |
 Screenshot 06 |
So happens if you access the hacked content? If you access www.cat-n-scratch.com/wp-content/1/video-poker-virtuale.html, for example, you will first reach a spam page advertising a video poker website. (See Screenshot 07.) And, in the blink of an eye, you will be instantly redirected to Google’s top content. (See Screenshot 08.) Possibly, they want to steal Google accounts and access to AdSense.
 Screenshot 07- Source: cat-n-scratch.com |
 Screenshot 08- Source: cat-n-scratch.com |
 Screenshot 09- Source: cat-n-scratch.com |
Finally, all WordPress webmasters are advised to FTP-access their WordPress directories to see if there are suspicious files and folders under wp-content.
