{"id":4197,"date":"2022-12-31T17:30:51","date_gmt":"2022-12-31T16:30:51","guid":{"rendered":"https:\/\/sajberinfo.com\/?p=4197"},"modified":"2022-12-31T17:30:51","modified_gmt":"2022-12-31T16:30:51","slug":"zlonamjerni-softver-napada-wordpress-stranice","status":"publish","type":"post","link":"https:\/\/sajberinfo.com\/en\/2022\/12\/31\/zlonamjerni-softver-napada-wordpress-stranice\/","title":{"rendered":"Malware attacks WordPress sites"},"content":{"rendered":"<p><span style=\"font-size: 14pt;\">Security researchers at <em>Doctor Web<\/em> have <a href=\"https:\/\/vms.drweb.com\/virus\/?i=25604695\" target=\"_blank\" rel=\"noopener\">discovered<\/a> malware that attacks <em>WordPress<\/em> sites; the attack exploits about 30 security vulnerabilities in outdated <em>WordPress<\/em> plugins and themes.<\/span><\/p>\n<div id=\"attachment_4202\" style=\"width: 1034px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-4202\" class=\"size-full wp-image-4202\" src=\"https:\/\/sajberinfo.com\/wp-content\/uploads\/2022\/12\/wordpress-g617de6133_1920.jpg\" alt=\"wordpress-malware\" width=\"1024\" height=\"614\" srcset=\"https:\/\/sajberinfo.com\/wp-content\/uploads\/2022\/12\/wordpress-g617de6133_1920.jpg 1024w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2022\/12\/wordpress-g617de6133_1920-300x180.jpg 300w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2022\/12\/wordpress-g617de6133_1920-768x461.jpg 768w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2022\/12\/wordpress-g617de6133_1920-18x12.jpg 18w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><p id=\"caption-attachment-4202\" class=\"wp-caption-text\"><em>Image by <a href=\"https:\/\/pixabay.com\/users\/thedigitalartist-202249\/?utm_source=link-attribution&amp;utm_medium=referral&amp;utm_campaign=image&amp;utm_content=3424025\" target=\"_blank\" rel=\"noopener\">Pete 
Linforth<\/a> from <\/em><a href=\"https:\/\/pixabay.com\/\/?utm_source=link-attribution&amp;utm_medium=referral&amp;utm_campaign=image&amp;utm_content=3424025\" target=\"_blank\" rel=\"noopener\"><em>Pixabay<\/em><\/a><\/p><\/div>\n<h2><strong><span style=\"font-size: 14pt;\">Linux malware<\/span><\/strong><\/h2>\n<p><span style=\"font-size: 14pt;\">Specifically, this is <em>Linux<\/em>-based malware that exploits vulnerabilities in 32\/64-bit systems and gives the attacker remote access. If a targeted site has one of the vulnerabilities the attacker uses in this attack, <em>Java<\/em> code is injected into it; when a user clicks anywhere on the attacked page, that code redirects the user to a site of the attacker's choosing.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">Security researchers named this malware <em>Linux.BackDoor.WordPressExploit.1<\/em>; it is in fact a <em>backdoor<\/em> that the attacker controls remotely. It can attack a specified site, switch to standby mode, shut itself down, or stop logging its actions.<\/span><\/p>\n<p>&nbsp;<\/p>\n<h2><strong><span style=\"font-size: 14pt;\">How it works<\/span><\/strong><\/h2>\n<p><span style=\"font-size: 14pt;\">Its main function, however, is taking control of websites based on the <em>WordPress CMS<\/em> (<em>Content Management System<\/em>) and injecting malicious code into them. Before attacking, the malware contacts its command-and-control server, from which it receives the addresses of the websites to attack. 
In the next step, <em>Linux.BackDoor.WordPressExploit.1<\/em> tries to exploit vulnerabilities in the following outdated <em>WordPress<\/em> plugins and themes:<\/span><\/p>\n<ul>\n<li><span style=\"font-size: 14pt;\"><em>WordPress \u2013 Yuzo Related Posts<\/em><\/span><\/li>\n<li><span style=\"font-size: 14pt;\"><em>WP Live Chat Support Plugin<\/em><\/span><\/li>\n<li><span style=\"font-size: 14pt;\"><em>Yellow Pencil Visual Theme Customizer Plugin<\/em><\/span><\/li>\n<li><span style=\"font-size: 14pt;\"><em>Easysmtp<\/em><\/span><\/li>\n<li><span style=\"font-size: 14pt;\"><em>WP GDPR Compliance Plugin<\/em><\/span><\/li>\n<li><span style=\"font-size: 14pt;\"><em>Newspaper Theme on WordPress Access Control<\/em> (vulnerability <em>CVE-2016-10972<\/em>)<\/span><\/li>\n<li><span style=\"font-size: 14pt;\"><em>Thim Core<\/em><\/span><\/li>\n<li><span style=\"font-size: 14pt;\"><em>Google Code Inserter<\/em><\/span><\/li>\n<li><span style=\"font-size: 14pt;\"><em>Total Donations Plugin<\/em><\/span><\/li>\n<li><span style=\"font-size: 14pt;\"><em>Post Custom Templates Lite<\/em><\/span><\/li>\n<li><span style=\"font-size: 14pt;\"><em>WP Quick Booking Manager<\/em><\/span><\/li>\n<li><span style=\"font-size: 14pt;\"><em>Facebook Live Chat by Zotabox<\/em><\/span><\/li>\n<li><span style=\"font-size: 14pt;\"><em>Blog Designer WordPress Plugin<\/em><\/span><\/li>\n<li><span style=\"font-size: 14pt;\"><em>WordPress Ultimate FAQ<\/em> (vulnerabilities <em>CVE-2019-17232<\/em> and <em>CVE-2019-17233<\/em>)<\/span><\/li>\n<li><span style=\"font-size: 14pt;\"><em>WP-Matomo Integration<\/em> (<em>WP-Piwik<\/em>)<\/span><\/li>\n<li><span style=\"font-size: 14pt;\"><em>WordPress ND Shortcodes For Visual Composer<\/em><\/span><\/li>\n<li><span style=\"font-size: 14pt;\"><em>WP Live Chat<\/em><\/span><\/li>\n<li><span style=\"font-size: 14pt;\"><em>Coming Soon Page and Maintenance Mode<\/em><\/span><\/li>\n<li><span style=\"font-size: 14pt;\"><em>Hybrid 
<\/em><\/span><\/li>\n<\/ul>\n<p><span style=\"font-size: 14pt;\">If a vulnerability is successfully exploited, <em>Java<\/em> code downloaded from a remote server is injected into the targeted website. From then on, whenever the infected page is opened, the <em>Java<\/em> code runs first, regardless of all other elements on the page. At that point, a visitor who clicks anywhere on the infected page is redirected to another website of the attacker's choosing.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">The malware also collects statistics. It tracks the number of infected sites, each individual vulnerability that was used for a successful attack, and the number of successful attacks that exploited vulnerabilities in the <em>WordPress Ultimate FAQ<\/em> plugin and the <em>Facebook messenger from Zotabox<\/em> plugin. Finally, it sends all of this data to a remote server under the attacker's control.<\/span><\/p>\n<div id=\"attachment_4203\" style=\"width: 1034px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-4203\" class=\"size-full wp-image-4203\" src=\"https:\/\/sajberinfo.com\/wp-content\/uploads\/2022\/12\/wordpress-gbea68da5d_1920.webp\" alt=\"wordpress-water\" width=\"1024\" height=\"683\" srcset=\"https:\/\/sajberinfo.com\/wp-content\/uploads\/2022\/12\/wordpress-gbea68da5d_1920.webp 1024w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2022\/12\/wordpress-gbea68da5d_1920-300x200.webp 300w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2022\/12\/wordpress-gbea68da5d_1920-768x512.webp 768w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2022\/12\/wordpress-gbea68da5d_1920-18x12.webp 18w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><p id=\"caption-attachment-4203\" class=\"wp-caption-text\"><em>Image by <a 
href=\"https:\/\/pixabay.com\/users\/27707-27707\/?utm_source=link-attribution&amp;utm_medium=referral&amp;utm_campaign=image&amp;utm_content=588495\" target=\"_blank\" rel=\"noopener\">Kevin Phillips<\/a> from <\/em><a href=\"https:\/\/pixabay.com\/\/?utm_source=link-attribution&amp;utm_medium=referral&amp;utm_campaign=image&amp;utm_content=588495\" target=\"_blank\" rel=\"noopener\"><em>Pixabay<\/em><\/a><\/p><\/div>\n<h3><strong><span style=\"font-size: 14pt;\"><em>Linux<\/em> malware, version 2<\/span><\/strong><\/h3>\n<p><span style=\"font-size: 14pt;\">In addition to this version, security researchers also discovered an updated version of the malware, <a href=\"https:\/\/vms.drweb.com\/virus\/?i=25604745\" target=\"_blank\" rel=\"noopener\"><em>Linux.BackDoor.WordPressExploit.2<\/em><\/a>. It differs from the original version in the address of its command-and-control server, the address of the domain from which it downloads the malicious <em>Java<\/em> code, and an additional list of vulnerabilities that it exploits in the following WordPress plugins:<\/span><\/p>\n<p>&nbsp;<\/p>\n<ul>\n<li><span style=\"font-size: 14pt;\"><em>FV Flowplayer Video Player<\/em><\/span><\/li>\n<li><span style=\"font-size: 14pt;\"><em>Brizy WordPress Plugin<\/em><\/span><\/li>\n<li><span style=\"font-size: 14pt;\"><em>WooCommerce<\/em><\/span><\/li>\n<li><span style=\"font-size: 14pt;\"><em>WordPress Coming Soon Page<\/em><\/span><\/li>\n<li><span style=\"font-size: 14pt;\"><em>WordPress theme OneTone<\/em><\/span><\/li>\n<li><span style=\"font-size: 14pt;\"><em>Simple Fields WordPress Plugin<\/em><\/span><\/li>\n<li><span style=\"font-size: 14pt;\"><em>WordPress Delucks SEO plugin<\/em><\/span><\/li>\n<li><span style=\"font-size: 14pt;\"><em>Poll, Survey, Form &amp; Quiz Maker by OpinionStage<\/em><\/span><\/li>\n<li><span style=\"font-size: 14pt;\"><em>Social Metrics Tracker<\/em><\/span><\/li>\n<li><span style=\"font-size: 14pt;\"><em>WPeMatico RSS Feed Fetcher 
<\/em><\/span><\/li>\n<li><span style=\"font-size: 14pt;\"><em>Rich Reviews plugin<\/em><\/span><\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<h3><strong><span style=\"font-size: 14pt;\">Additional capabilities<\/span><\/strong><\/h3>\n<p><span style=\"font-size: 14pt;\">In both variants, security researchers found as-yet unimplemented functionality for taking over administrator accounts through a <em>brute-force<\/em> attack that uses known usernames and passwords as well as special dictionaries. It is not possible to determine whether this functionality is left over from earlier versions or is planned for future versions of the malware. If it is put to use in future versions, attackers could gain the ability to attack fully updated websites.<\/span><\/p>\n<p>&nbsp;<\/p>\n<h4><strong><span style=\"font-size: 14pt;\">Protection<\/span><\/strong><\/h4>\n<p><span style=\"font-size: 14pt;\">Users of websites based on the <em>WordPress<\/em> platform are advised to keep all components of the platform up to date, including plugins and themes, and to use strong passwords with unique login accounts. Those who use <em>WordPress<\/em> plugins and themes that are no longer supported or no longer receive updates are advised to replace them with suitable alternatives that are still supported.<\/span><\/p>","protected":false},"excerpt":{"rendered":"<p>Security researchers at Doctor Web have discovered malware that attacks WordPress sites; the attack exploits about 30 security vulnerabilities in outdated WordPress plugins and themes. 
Linux malware&#46;&#46;&#46;<\/p>","protected":false},"author":1,"featured_media":4202,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[142,221,260,141,93,126,259],"class_list":["post-4197","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-hronike","tag-backdoor","tag-brute-force","tag-exploit","tag-linux","tag-malware","tag-vulnerability","tag-wordpress"],"_links":{"self":[{"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/posts\/4197","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/comments?post=4197"}],"version-history":[{"count":0,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/posts\/4197\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/media\/4202"}],"wp:attachment":[{"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/media?parent=4197"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/categories?post=4197"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/tags?post=4197"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}