Emergency Report: Massive WordPress Blog Hacks and Stealing Google Accounts?

anti spam






TOKYO (MacHouse) – www.cat-n-scratch.com, blog.alviselledge.com, blog.soar.hk, www.scwaterpolo.us and d-pi.com… We never heard of these websites till some 30 minutes ago. So what are common characteristics among these websites? They are all WordPress blog websites. Okay… Then? Also, they are all hacked. A spam terrorist group hacked these websites to forward Internet users to suspicious web contents. To our knowledge, spam terrorist groups started circulating spam comments using different IP addresses including 201.24.78.66, 217.94.172.231 and 70.166.109.14 a few days ago to forward Internet users to hacked WordPress websites. It is possible that this hack & spam practice has been going on for the past 45 days, during which we didn’t subscribe to spam comments.


Google Accounts WordPress Hack wp-content
Screenshot 01- Source: cat-n-scratch.com
  Google Accounts WordPress Hack wp-content
Screenshot 02- Source: alviselledge.com
  Google Accounts WordPress Hack wp-content
Screenshot 03- Source: soar.hk



Screenshot 05 shows odd aspects. You can see a database error on the side bar. It is possible that these hacks are done by a technique called SQL injection. On the other hand, all the hacked websites have a folder titled 1 under wp-content folder.


Google Accounts WordPress Hack wp-content
Screenshot 04- Source: scwaterpolo.us
  Google Accounts WordPress Hack wp-content
Screenshot 05- Source: d-pi.com
  Google Accounts WordPress Hack wp-content
Screenshot 06



So happens if you access the hacked content? If you access www.cat-n-scratch.com/wp-content/1/video-poker-virtuale.html, for example, you will first reach a spam page advertising a video poker website. (See Screenshot 07.) And, in the blink of an eye, you will be instantly redirected to Google’s top content. (See Screenshot 08.) Possibly, they want to steal Google accounts and access to AdSense.


Google Accounts WordPress Hack wp-content
Screenshot 07- Source: cat-n-scratch.com
  Google Accounts WordPress Hack wp-content
Screenshot 08- Source: cat-n-scratch.com
  Google Accounts WordPress Hack wp-content
Screenshot 09- Source: cat-n-scratch.com

Finally, all WordPress webmasters are advised to FTP-access their WordPress directories to see if there are suspicious files and folders under wp-content.

This entry was posted in Internet security. Bookmark the permalink.

Leave a Reply

Your email address will not be published.

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Comment spam protected by SpamBam

Notify me of followup comments via e-mail. You can also subscribe without commenting.