
Cybercriminals target pizza delivery website to concoct personalized spam campaigns

AdminSec


  • The scammers used the website’s content in order to create tailor-made spam campaigns.
  • In one instance, the attackers promoted Xenical, a prescription drug used to treat obesity.

A pizza delivery website has become the latest target of cyberattackers, who exploited it to deliver personalized spam campaigns. The compromised website was first discovered by Sucuri researchers, who found it using an older version of WordPress. The attackers exploited the website's content to devise personalized spam. In one instance, they also promoted Xenical, a prescription medication meant for treating obesity.

The big picture

The attackers advertised Xenical in a message filled with hyperlinks on the homepage of the compromised pizza delivery site.

The message begins by mentioning pizza as one of the food products responsible for obesity and then follows with information on Xenical and its availability on a site known as ‘DietXPills’. It also impersonated the pizza company.

Sucuri researchers identified that the server shared by the ‘DietXPills’ website was also used by 46 other sites that allegedly sold medications without prescription.

The message content, which was not encoded, was present in a PHP file of the WordPress-based site. In addition, a malicious WordPress user profile was discovered which was subsequently removed by Sucuri researchers.
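Because the spam text sat unencoded in a PHP file, a site owner can look for it by scanning PHP sources for hard-coded off-site links that appear alongside drug-related terms. The Python below is an added example, not code from Sucuri or from the original post; the keyword list, the link threshold, the hostnames and both sample files are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Assumed keyword list for this example; tune it to the spam seen on your own site.
SPAM_TERMS = ("xenical", "without prescription", "diet pills")
# Hard-coded absolute links inside anchor tags.
HREF_RE = re.compile(r'<a\s[^>]*href=["\'](https?://[^"\']+)["\']', re.I)

def external_links(source, site_host):
    """Return the hosts of absolute links that point away from site_host."""
    hosts = []
    for url in HREF_RE.findall(source):
        host = (urlparse(url).hostname or "").lower()
        if host and host != site_host and not host.endswith("." + site_host):
            hosts.append(host)
    return hosts

def score_php_file(source, site_host, min_links=3):
    """Flag a PHP file holding plain-text spam: several off-site links plus drug terms."""
    hosts = external_links(source, site_host)
    lowered = source.lower()
    terms = [t for t in SPAM_TERMS if t in lowered]
    return {
        "external_links": len(hosts),
        "hosts": sorted(set(hosts)),
        "terms": terms,
        "suspicious": len(hosts) >= min_links and bool(terms),
    }

# Constructed samples (not taken from the incident): a clean template and an injected one.
CLEAN = """<?php get_header(); ?>
<a href="https://pizza.example/menu">Menu</a>
<a href="https://cdn.pizza.example/app">Get the app</a>
<?php get_footer(); ?>"""

INJECTED = CLEAN + """
<div>Pizza is one of the foods behind obesity. Buy
<a href="http://pills.example.net/xenical">Xenical</a>
<a href="http://pills.example.net/order">without prescription</a>
<a href="http://pills.example.net/cheap">today</a></div>"""

if __name__ == "__main__":
    for name, src in (("clean.php", CLEAN), ("injected.php", INJECTED)):
        print(name, score_php_file(src, "pizza.example"))
```

Run over a theme or upload directory, a check like this only narrows down which files to review by hand; it does not catch encoded or obfuscated content.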

Worth noting

The researchers uncovered that the pizza delivery site used an older version of WordPress. “When we received this case, the website had been using outdated software: WordPress version 4.9.6. The most plausible explanation for how the hacker gained access to the site, is that they leveraged the vulnerability to plant their spam content,” they said in the blog.

“We encourage website owners to keep everything in the website up to date, be it plugins, themes, or CMS installations,” advised the researchers.
