In a recent post, we covered how attackers were abusing server resources to create WordPress sites in subdirectories and distribute spam. By adding a complete WordPress CMS installation into a directory and using the victim’s database structure, attackers were able to inject ads and promote their products – a very bold move.
This time around, attackers used a different technique and structure to accomplish the same task.
Instead of adding WordPress subsites and using the local database, they decided to fetch all of the information from external sources under their control.
Continue reading Cloned Spam Sites in Subdirectories at Sucuri Blog.