• 0 Posts
  • 7 Comments
Joined 1 year ago
Cake day: June 17th, 2023

  • Yeah, it depends on what you mean.

    In many cases malware and phishing are hosted off other compromised sites. So, they build a list of WordPress sites with vulnerabilities, and use the vulnerabilities to host their files on them. For example, imagine “legitimate-medical-site.net.com” is a real site. The attacker will use the exploit to upload malicious files in there somewhere like “legitimate-medical-site. net. com/qwertasdf/invoice.pdf”.

    If the site gets blocked or shut down it’s no loss to them.

    Another technique, especially phishing-wise, they will have a semi-plausible domain name (e.g. youbank-security-server .con). But they will register heaps of these. There are tonnes of top-level domains that do next to no checking. These things cost a few bucks, so having it taken down is not a problem.

    The combination of burner sites and domains means they have a window of opportunity to run their attacks and scams before other protections kick in.