WordPress users whose websites are hosted on GoDaddy servers have been targeted by fake AV peddlers – again.
According to Sucuri Security, the web hosting company’s servers were hacked yesterday around 3pm EST, and thousand of WordPress blogs and other PHP based websites were contaminated with a malicious script that points to a fake AV hosted at http://cloudisthebestnow[dot]com/kp.php.
It is also interesting to note that the people behind this attack are the same ones that executed an identical attack against GoDaddy’s servers less than a month ago:
Sucuri Security offers an explanation about how these attacks take place: “GoDaddy has some internal vulnerability that is allowing the attackers to upload the following code to their sites: MW:SIPRO:1. A few minutes after this code is uploaded, the attackers run it remotely and this PHP script infects all the files within the site.”
Luckily for the owners of the sites, the attack has the same solution as the previous one.