|Destination||220.127.116.11 (United States)||html (80)||wspanalytics.com|
|User-Agent||Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36|
|Accept-Encoding||gzip, deflate, sdch|
|req_or_response||GET /boost-for-excel/wp-content/release/boost/boost-installer.exe HTTP/1.1|
- A request to download a .exe file was made to a WordPress site.
- WordPress sites are frequently targeted by malware creators for distribution purposes. Why?
  - These websites are often tied to known good (not blacklisted) infrastructure.
  - They are easy to set up insecurely and are often abandoned (the user sets up the server and doesn't patch it).
  - They serve as throwaway, non-attributable infrastructure for hosting malware binaries.
- wspanalytics is a known good WordPress site.
- They are legitimately distributing .exe files over cleartext HTTP via their site.
- wprecon.com finds no security violations.
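
The triage above can be expressed as a small check over HTTP request records. This is an added example, not part of the original notes: the `triage` function, the `REVIEWED_HOSTS` set, the extra extensions beyond `.exe`, and the `blog.example.net` records are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

REQUEST_LINE = re.compile(r"^(?P<method>[A-Z]+) (?P<target>\S+) HTTP/\d\.\d$")
WP_PATH = re.compile(r"/wp-(?:content|includes)/")
# Assumption: extensions beyond .exe are added for coverage; the page only shows .exe.
EXECUTABLE_EXT = (".exe", ".msi", ".scr")
# Assumption: hosts an analyst has already reviewed, as done for wspanalytics.com above.
REVIEWED_HOSTS = {"wspanalytics.com"}


def triage(host, port, request_line):
    """Classify one HTTP request record; returns (verdict, reasons)."""
    match = REQUEST_LINE.match(request_line.strip())
    if not match or match.group("method") != "GET":
        return "ignore", []
    # urlsplit drops any query string, so "file.exe?v=2" still matches.
    path = urlsplit(match.group("target")).path.lower()
    if not path.endswith(EXECUTABLE_EXT):
        return "ignore", []
    reasons = ["executable download"]
    if WP_PATH.search(path):
        reasons.append("WordPress content path")
    if port == 80:
        reasons.append("cleartext HTTP")
    if host.lower().rstrip(".") in REVIEWED_HOSTS:
        return "known-good", reasons
    # An executable under a WordPress path on an unreviewed host needs a look.
    verdict = "review" if "WordPress content path" in reasons else "low"
    return verdict, reasons


# Constructed records: the first mirrors the request on this page, the rest are made up.
SAMPLES = [
    ("wspanalytics.com", 80,
     "GET /boost-for-excel/wp-content/release/boost/boost-installer.exe HTTP/1.1"),
    ("blog.example.net", 80, "GET /wp-content/uploads/2016/08/update.exe?v=2 HTTP/1.1"),
    ("blog.example.net", 80, "GET /wp-content/themes/basic/style.css HTTP/1.1"),
]

if __name__ == "__main__":
    for host, port, line in SAMPLES:
        print(host, triage(host, port, line))
```

A "known-good" verdict still carries its reasons, so the record stays visible if the reviewed host is later compromised and the allowlist entry needs revisiting.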