Vulnerable computer systems and applications:
Websites and their content management systems (CMS).
The malicious code, embedded in the .htaccess file, responds only to requests with certain User-Agent values and only to visitors who arrive from commonly known sites, such as Google, Facebook, Yahoo, LinkedIn, etc. For this reason, some anti-virus programs do not detect anything suspicious. Users accessing infected websites are redirected to malicious pages that host malware.
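One way to check an .htaccess file for the behaviour described above, as an added example that is not part of the original advisory: it flags any RewriteRule that redirects to a foreign host and is guarded by RewriteCond tests on the Referer or User-Agent header. The function name, the sample file and the hostnames (example.org, redirect-target.invalid) are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Request headers the injected rules test: the referring site and the browser.
COND_RE = re.compile(r'^\s*RewriteCond\s+%\{(HTTP_REFERER|HTTP_USER_AGENT)\}', re.I)
RULE_RE = re.compile(r'^\s*RewriteRule\s+\S+\s+"?([^\s"]+)', re.I)

def find_conditional_redirects(text, own_hosts):
    """Flag RewriteRules that redirect to a host outside own_hosts and are
    guarded by RewriteCond tests on the Referer or User-Agent header."""
    own = {h.lower() for h in own_hosts}
    findings, keyed_on = [], set()
    for lineno, line in enumerate(text.splitlines(), 1):
        cond = COND_RE.match(line)
        if cond:
            keyed_on.add(cond.group(1).upper())
            continue
        rule = RULE_RE.match(line)
        if not rule:
            continue  # comments, other directives, RewriteCond on other variables
        target = rule.group(1)
        is_url = re.match(r'https?://', target, re.I)
        host = (urlsplit(target).hostname or '') if is_url else ''
        if keyed_on and host and host not in own:
            findings.append({'line': lineno, 'target_host': host,
                             'keyed_on': sorted(keyed_on)})
        keyed_on = set()  # RewriteCond lines apply only to the next RewriteRule
    return findings

# Constructed sample: one legitimate canonical-host redirect, one injected rule.
SAMPLE = r"""# constructed sample, not taken from a real incident
RewriteEngine On
RewriteCond %{HTTP_HOST} ^example\.org$ [NC]
RewriteRule ^(.*)$ https://www.example.org/$1 [R=301,L]
RewriteCond %{HTTP_REFERER} (google|facebook|yahoo|linkedin)\. [NC]
RewriteCond %{HTTP_USER_AGENT} (Windows|Android) [NC]
RewriteRule ^.*$ http://redirect-target.invalid/landing [R=302,L]
"""

if __name__ == '__main__':
    for finding in find_conditional_redirects(SAMPLE, {'example.org', 'www.example.org'}):
        print(finding)
```

Run it against every .htaccess file under the web root, including those in subdirectories, and pass the site's own hostnames as own_hosts so that legitimate redirects are not reported.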
In case of breach:
- Remove malicious code in the .htaccess file;
- Update CMS;
- Change administrative passwords.
- Make web content management systems (CMS) accessible only from an internal corporate network or from established IP addresses;
- If you use an open-source CMS, keep it up to date;
- Do not use unnecessary CMS plugins;
- Periodically change passwords for administrators and those users who have access to the CMS;
- Search for vulnerabilities.