Bad guys are uploading malicious scripts and using them as part of a well-thought-out chain of attacks that infects legitimate websites and redirects their traffic to drive-by download landing pages.
Since Google Drive uses HTTPS, the traffic packets are encrypted, making it harder to detect anomalies with traditional Intrusion Detection Systems (IDS).
Figure 1: Malicious piece of code hosted on https://googledrive[dot]com/host/0B8xeWwe9pXL-OUw3eDExNDQtZkE/
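Encrypted transport hides the script from a network IDS, but a site owner can still audit the HTML their own pages serve. The sketch below is an added example, not code from the original post: it lists `script` and `iframe` sources whose host is neither the site itself nor on an allowlist. The allowlist, page URL and sample markup are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Assumption: third-party hosts this site is expected to load code from.
ALLOWED_HOSTS = {"ajax.googleapis.com"}

# Constructed sample page: one local script, one allowlisted CDN script,
# one injected script on a file-hosting domain (protocol-relative URL).
SAMPLE_HTML = """
<html><head>
<script src="/wp-includes/js/jquery/jquery.js"></script>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js"></script>
<script src="//googledrive.com/host/CONSTRUCTED_FOLDER_ID/stats.js"></script>
</head><body><script>var inline = 1;</script></body></html>
"""


class SourceCollector(HTMLParser):
    """Collect the src attribute of every tag that can pull in remote code."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "iframe"):
            src = dict(attrs).get("src")
            if src:
                self.sources.append((tag, src.strip()))


def unexpected_sources(html, page_url, allowed=ALLOWED_HOSTS):
    """Return (tag, host, src) for sources outside the page host and allowlist."""
    page_host = urlsplit(page_url).hostname
    collector = SourceCollector()
    collector.feed(html)
    findings = []
    for tag, src in collector.sources:
        # urljoin resolves relative and protocol-relative URLs against the page.
        host = urlsplit(urljoin(page_url, src)).hostname
        if host and host != page_host and host not in allowed:
            findings.append((tag, host, src))
    return findings


if __name__ == "__main__":
    for tag, host, src in unexpected_sources(SAMPLE_HTML, "https://www.example.com/blog/"):
        print(f"unexpected <{tag}> source on {host}: {src}")
```

Run it against the rendered HTML of each template or a crawl of the site, and review any host that appears without a matching change in the site's own code.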
Insecure websites are responsible for most malware infections. In this post I will show you how a typical WordPress site that was poorly configured got hacked, leading unsuspecting visitors to a very bad surprise.
If you can browse the underlying structure of a site, it is usually not a good sign. It does not mean the site has been hacked (yet!), just that whoever set it up does not really know what they’re doing… Unfortunately that makes the site a prime target for automated hacks. Let’s take a look at why this happens and what it can lead to.