Bad news for those using Wordpress for their corporate or personal websites. According to security firm Sucuri, a not-so-insignificant number of Wordpress installations have been compromised by a new "visitorTracker_isMob" piece of malware over the past two weeks. Visitors who attempt to go to these sites are redirected to a new page that probes their system for all kinds of weaknesses. If one is found, said system is compromised, and it only gets worse from there.

"This malware campaign is interesting, its final goal is to use as many compromised websites as possible to redirect all their visitors to a Nuclear Exploit Kit landing page. These landing pages will try a wide variety of available browser exploits to infect the computers of unsuspecting visitors," reads Sucuri's blog post.

"If you think about it, the compromised websites are just means for the criminals to get access to as many endpoint desktops as they can. What's the easiest way to reach out to endpoints? Websites, of course."

The best things you can do to protect yourself against this kind of an attack is to make sure that your system is as updated as possible. That includes installing all the most recent operating system updates that Microsoft or Apple offers, as well as all the updates to other critical software related to your Web browsinglike Java (which you should just disable outright) and Adobe Flash (which you shouldn't use anyway). Make sure you're running antivirus and anti-malware apps on a regular basis, too.

As for Wordpress administrators, Sucuri has a few suggestions for protecting your own sites against the VisitorTracker malware.

Related Keep Attackers Away From Your WordPress Site

"If you are a WordPress user, make sure you keep all your plugins updated, including premium ones. I also recommend checking your site via our Free Security / Malware Scanner (SiteCheck) to verify if you're currently being affected by this campaign. If you're a system administrator and have access to your server you can use the following command (grep) to search for the infection on your files," reads the company's blog post.

According to Sucuri, around 95 percent of the compromised websites it has detected are all running WordPress. Of these, around 17 percent or so have already been put on Google's blacklists (and other malware blacklists).

Further Reading

Software & Service Reviews