Backdoor Distributed in the Piwik Web-Statistics System

Posted: November 28, 2012 in IT Security News, Security Notices

Vulnerability

Backdoor in the Piwik web-statistics package

According to the developers, the malicious code was available for download for 8 hours.

Unknown attackers managed to insert a backdoor into the source code of the latest version of Piwik, the popular open-source web-analytics package, after first compromising the project's official website (http://piwik.org/). The program's developers reported the incident.

Piwik is used to track and generate statistics about visitors to online resources, traffic, and so on. Its functionality is much like that of Google Analytics, but it requires website owners to install it on their own servers.

Thus, users who downloaded and installed version 1.9.2 on the evening of Monday, November 26, between 18:43 UTC and 02:59 UTC, infected their systems with the backdoor.

The malicious code was embedded in the file «piwik/core/Loader.php» and masked with base64 encoding to obfuscate its traces.
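As an added example (not code from the original post or from the Piwik project), a defender-side check for the kind of obfuscation described above: it scans PHP source for base64 literals handed to base64_decode() and flags those that are fed straight into eval(). The Loader.php contents below are constructed stand-ins, and treating eval() as the tell-tale companion of the base64 blob is an assumption; the post only says the code was base64-masked.

```python
import base64
import binascii
import re
import sys
from pathlib import Path

# Literal base64 argument to base64_decode(); whitespace allowed inside the blob.
B64_CALL = re.compile(r"base64_decode\s*\(\s*['\"]([A-Za-z0-9+/=\s]{20,})['\"]", re.I)
# Assumption: injected payloads are usually handed to eval(); the post only says
# the code was base64-masked, so eval is a strong but not required signal.
EVAL_CALL = re.compile(r"\beval\s*\(", re.I)

def find_suspicious(php_source: str) -> list:
    """Return one finding per base64 literal passed to base64_decode()."""
    findings = []
    for m in B64_CALL.finditer(php_source):
        blob = re.sub(r"\s", "", m.group(1))
        try:
            decoded = base64.b64decode(blob, validate=True)
        except binascii.Error:
            decoded = b""  # not valid base64, but still worth a manual look
        before = php_source[max(0, m.start() - 40):m.start()]
        findings.append({
            "line": php_source.count("\n", 0, m.start()) + 1,
            "evaluated": bool(EVAL_CALL.search(before)),
            "decoded_preview": decoded[:80].decode("latin-1"),
        })
    return findings

def scan_tree(root: str) -> dict:
    """Scan every .php file below root; map path -> findings (non-empty only)."""
    report = {}
    for path in Path(root).rglob("*.php"):
        hits = find_suspicious(path.read_text(encoding="utf-8", errors="replace"))
        if hits:
            report[str(path)] = hits
    return report

# Constructed sample: a harmless stand-in for an injected line in Loader.php.
_PAYLOAD = base64.b64encode(b'echo "constructed sample payload";').decode()
CLEAN_LOADER = "<?php\nclass Piwik_Loader {\n    public static function autoload($c) {}\n}\n"
TAMPERED_LOADER = CLEAN_LOADER + f'eval(base64_decode("{_PAYLOAD}"));\n'

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, hits in scan_tree(target).items():
        for h in hits:
            flag = "EVAL" if h["evaluated"] else "b64 "
            print(f"{flag} {path}:{h['line']}  {h['decoded_preview']!r}")
```

Run it against an installed Piwik tree; any hit in core files such as Loader.php warrants comparing the file against a fresh copy from the official site rather than trusting the decoded preview alone.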

“Users affected by the attack should make a backup copy of the file piwik/config/config.ini.php, delete the entire Piwik directory, download a fresh copy of the software from the official site and reinstall it,” the developers recommend.

The experts also noted that piwik.org was compromised through a vulnerable plugin for the WordPress content management system.

According to the developers, Piwik has been downloaded approximately 1.2 million times in total, and the program is in active use on 460 thousand websites.

More information about the vulnerability is available here.
