Joomla Exploit Results In Thousands Of Infected Systems, Targeted Attacks Against EMEA Banks

Versafe report summarizes the discovery of a vulnerability that had put Web sites hosted on the Joomla content management system at risk of being hijacked

August 15, 2013

3 Min Read


PHILADELPHIA, PA--(Marketwired - Aug 12, 2013) - Versafe today announced the publication of a Versafe Intelligence Brief entitled 'Joomla Exploit Enabling Malware, Phishing Attacks to be Hosted from Genuine Sites'. The report summarizes the discovery of a vulnerability that had put websites hosted on the Joomla content management system at risk of being hijacked for use in malware payload and phishing attacks. A forensics investigation of the exposed sites by researchers at the Versafe Security Operations Center also discovered a zero-day attack found in the wild, which enabled attackers to gain full control over the compromised systems. After disclosing details of the vulnerability to the Joomla Security Strike Team, a patch is now available on the Joomla! Developer Network for versions 2.5.x and 3.1.x of the platform, as well as a community-developed fix for 1.5.x.

"What brought this vulnerability to our attention was that we noticed a sharp increase in the number of phishing and malware attacks being hosted from legitimate Joomla-based sites," said Eyal Gruner, CEO of Versafe. "The series of attacks exploiting this vulnerability were particularly aggressive and widespread -- involved in over 50% of the attacks targeting our clients and others in EMEA -- and ultimately successful in infecting a great many unsuspecting visitors to genuine websites. Versafe is committed to helping Joomla protect its large community of platform users and end-users, through having shared key findings specific to this exploit."

Both the exploit and zero-day attacks were detected by the Versafe Security Operations Center -- leveraging its TotALL™ Online Fraud Protection Suite, a server-side malware and online threat protection solution -- that in several customer implementations had been deployed via F5 Network's BIG-IP® product suite, including the Application Security Manager™ (ASM™) web application firewall.

"There's no silver bullet for security, so F5 recommends a defense-in-depth approach," said Mark Vondemkamp, VP of Security Product Management and Marketing at F5. "By partnering with leading security-focused organizations such as Versafe, F5 is able to further enhance the protection capabilities offered by BIG-IP ASM and its other security solutions to benefit joint customers."

The report, which can be downloaded at, provides a step-by-step description of how the attacks were initiated, from vulnerability assessment to server takeover and malware deployment.

About Versafe Versafe enables organizations to proactively ensure the integrity of each online customer relationship, protecting against the spectrum of malware and online threat types, across all devices, while being fully transparent to the end-user. Clients have actualized a significant decrease in the number and impact of malware, phishing, and other online attacks -- enabling step-change reduction in both fraud losses as well as an increase in fraud management efficiencies -- routinely yielding investment payback in just weeks. With over 30 customers internationally, Versafe is backed by Susquehanna Growth Equity.

For more information, please visit:

F5, BIG-IP, Application Security Manager, and ASM are trademarks or service marks of F5 Networks, Inc., in the U.S. and other countries. All other product and company names herein may be trademarks of their respective owners. The use of the words "partner," "partnership," or "joint" does not imply a legal partnership relationship between F5 Networks and any other company.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights