Success Magazine Blog Hit With Malware

We were analyzing some hacked sites today and one of them was full of SPAM. After some digging, we found that it was loading the Blackhat SEO Spam from blog.success.com (the official blog of Success Magazine).

We conducted a quick scan of their blog, we can see that it is being used to load all sorts of Pharma goodness:

Success spam

By searching Google we can confirm ("Buy  Naltrexone" inurl:blog.success.com) that it has been there for a while:

Success.com spam on google

We cannot emphasize enough how important it is to keep your web software and applications up to date. This includes your themes and plugins as well! In the case of Success Magazine, they are using WordPress v2.7.1, which is outdated and has known security bugs:

We already contacted them and hopefully they’ll get it squared away quickly. Situations like these should be a wake up call for blog owners that are using outdated versions of WordPress (or any application): Update ias soon as possible. Every day that goes by when running outdated software increases your risk of being hacked. It’s just bad for business, ultimately you may be putting visitors at risk and that’s a quick way to permanently lose traffic!

Protect your interwebs!

Scan your website for free:
About David Dede

David Dede is a Security Researcher in the SucuriLabs group. He spends most of his time dissecting vulnerabilities and security issues. You won't find him on Twitter because he is paranoid about privacy.