Thousands of WordPress websites have been attacked by hackers who aimed to redirect their visitors to fraudulent sites that included spam subscription alerts, fake surveys, gift competitions and fake Adobe Flash downloads.
The most dangerous plugins are "CP Contact Form with PayPal", which handles contact and payment through PayPal, and "Simple Fields". However, hackers are targeting other plugins as well.
When a user accesses the targeted WordPress site, the injected script will try to access the URLs /wp-admin/options-general.php and /wp-admin/theme-editor.php to embed more scripts or to change WordPress settings so that users are redirected to other websites.
Once a user agrees to the notifications by clicking "Accept", they will be redirected to fraudulent sites such as fake surveys, technical support scams and fake Adobe Flash Player updates.
The folders most commonly seen are: wp-content/plugins/supersociall/supersociall.php and /wp-content/plugins/blockspluginn/blockspluginn.php.
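A local check for the two plugin paths listed above, as an added example (not from the article or from Sucuri): it walks a hosting directory, finds every WordPress install under it, and reports any of those files with its SHA-256 and modification time for triage. The function names and the sample directory tree are constructed for illustration.

```python
import hashlib
import os
import sys
import tempfile
import time

# File paths named in the article, relative to a WordPress root.
LISTED_PLUGIN_FILES = (
    "wp-content/plugins/supersociall/supersociall.php",
    "wp-content/plugins/blockspluginn/blockspluginn.php",
)
WP_DIRS = ("wp-content", "wp-admin", "wp-includes")

def find_wordpress_roots(base):
    """Yield every directory under base that contains a wp-content folder."""
    for dirpath, dirnames, _ in os.walk(base):
        if "wp-content" in dirnames:
            yield dirpath
        # Skip WordPress internals, but keep walking so nested installs are found.
        dirnames[:] = [d for d in dirnames if d not in WP_DIRS]

def scan(base):
    """Return one record per listed file found, with data useful for triage."""
    findings = []
    for root in find_wordpress_roots(base):
        for rel in LISTED_PLUGIN_FILES:
            path = os.path.join(root, *rel.split("/"))
            if not os.path.isfile(path):
                continue
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            mtime = time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime(os.path.getmtime(path)))
            findings.append({"site": root, "file": rel, "sha256": digest, "modified": mtime})
    return findings

def build_sample_tree(base):
    """Constructed sample: one clean site and one nested site holding a listed file."""
    os.makedirs(os.path.join(base, "clean", "wp-content", "plugins", "some-plugin"))
    bad = os.path.join(base, "shop", "blog", "wp-content", "plugins", "supersociall")
    os.makedirs(bad)
    with open(os.path.join(bad, "supersociall.php"), "wb") as fh:
        fh.write(b"<?php /* constructed placeholder, not real malware */\n")

if __name__ == "__main__":
    if len(sys.argv) > 1:
        target = sys.argv[1]          # e.g. the hosting account's web root
    else:
        target = tempfile.mkdtemp()   # no argument: demo on the constructed tree
        build_sample_tree(target)
    for hit in scan(target):
        print(hit["modified"], hit["sha256"][:16], os.path.join(hit["site"], hit["file"]))
```

An empty result only shows that these two files are absent, since the article lists them as the most common paths, not the only ones.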
Finally, Sucuri recommends using its free SiteCheck tool to scan sites and detect malicious content on WordPress websites. If a user visits a WordPress site and is worried it might have fallen victim to hacking, SiteCheck will scan the site and report malicious content, while providing users with help to clean the "hacked" site.