ET DELETED RougeAV Wordpress Injection Campaign Compromised Page Served From Local Compromised Server
Sourceet/open
CreatedMarch 9, 2012
UpdatedSeptember 9, 2019
Classificationsuccessful-admin
alert http $HTTP_SERVERS any -> $EXTERNAL_NET any (msg:"ET DELETED RougeAV Wordpress Injection Campaign Compromised Page Served From Local Compromised Server"; flow:established,from_server; content:".rr.nu/mm.php?d=1|22|><|2F|script>"; nocase; reference:url,community.websense.com/blogs/securitylabs/archive/2012/03/05/mass-injection-of-wordpress-sites.aspx; classtype:successful-admin; sid:2014338; rev:4; metadata:affected_product Wordpress, affected_product Wordpress_Plugins, attack_target Web_Server, created_at 2012_03_09, deployment Datacenter, signature_severity Major, tag Wordpress, updated_at 2019_09_09;)
References
Metadata
affected productWordpress_Plugins
attack targetWeb_Server
created at2012_03_09
deploymentDatacenter
signature severityMajor
tagWordpress
updated at2019_09_09
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!