WordPress running Web sites hosted on GoDaddy have been hacked once again. Just like the previous attack less than a month ago, criminals infected thousands of Web pages with malicious script that serve rogue Anti Virus.

According to Sucuri Security, GoDaddy’s servers were hacked yesterday around 3p.m. EST, and thousands of WordPress blogs and other PHP based websites were malformed with a script that points to a fake anti-virus hosted at cloudisthebestnow(dot)com/kp.php.

What’s interesting is that cloudisthebestnow(dot)com is hosted and owned by the same people involved in the latest attacks at GoDaddy.

Figure 1. Same IP Hosts Both Attacks

// // Sucuri Security analysts explain how these attacks take place: “GoDaddy has some internal vulnerability that is allowing the attackers to upload the following code to their sites:MW:SIPRO:1. A few minutes after this code is uploaded, the attackers run it remotely and this PHP script infects all the files within the site.” Luckily for the owners of the sites, the attack has the same solution as the previous one.

In conclusion: be careful when surfing the Net. Web sites that are fully legit but somehow compromised as in this case can unknowingly redirect you to rogue-spreading pages. Don`t forget to update all your running software and never pause/turn off your anti-virus program.