
Report: Mysterious Russian Malware Is Infecting 100,000+ Wordpress Sites

Discussion in 'Windows - Virus and spyware problems' started by ireland, Dec 15, 2014.

Thread Status:
Not open for further replies.
  1. ireland

    ireland Active member

    Nov 28, 2002
    Report: Mysterious Russian Malware Is Infecting 100,000+ Wordpress Sites

    A Russian malware called SoakSoak has infected over 100,000 Wordpress sites since this Sunday, turning blogs into attack platforms. It's a potential shitshow, and it could've been prevented earlier this fall.

    Google has already blocked 11,000 domains to try to curb the damage. According to security firm Sucuri, the malware uses a vulnerability in a slideshow plug-in called Slider Revolution. The Slider Revolution team has known about the vulnerability since September, but it looks like they failed to fix it before the security hole got crammed with steaming hot malware.

    Researchers at Sucuri are warning that it'll be hard to completely eradicate the malware as long as so many site owners don't know it's there. In addition to removing the malicious code, they will need to update the premium plug-in. If the plug-in came as part of a theme, it won't update automatically, which means site admins will have to manually update.

    Gaming site Dulfy was one of the first infected domains to fix the problem by removing code and going behind a firewall, but it may persist on blogs with less diligent administrators indefinitely. And Dulfy's admin isn't sure the fix is permanent. "The firewall will be a temporary measure until we can figure out what is doing it," site owner Kristina Hunter told me.

    Over 70 million sites use Wordpress as a content management system, from personal blogs to Time.com. This malware attack only affects self-hosted sites that use Wordpress, so if you have a personal blog on Wordpress.com, you're okay.
