Wordfence has the article "Avoid Malware Scanners That Use Insecure Hashing". If there is anyone reading this blog who still works for one of the companies where I used to work, I hope they see this mention of the MD5 hashing algorithm.
Today, I received the following email:
This morning we’ve posted an analysis and advisory that describes a problem with malware scanners using the MD5 hashing algorithm.
Several popular security products in the WordPress space use MD5 to verify safe files and detect malicious files. Using this weak hashing algorithm creates a security hole that an attacker can use to craft malware that avoids detection by these scanners.
In today’s post we describe why this is a problem and we include some research demonstrating how attackers can bypass MD5. We also share the history behind MD5 and why some malware scanners for WordPress may have confused MD5 with a secure hashing algorithm.
Mark Maunder
Wordfence Founder & CEO