Sitesassure Security Blog


Mysterious Russian Malware Is Infecting 100,000+ WordPress Sites


2014-12-16 175737

A Russian malware called SoakSoak has infected over 100,000 WordPress sites since this Sunday, turning blogs into attack platforms. It's a potential shitshow, and it could've been prevented earlier this fall.

 

Google has already blocked 11,000 domains to try to curb the damage. According to security firm Sucuri, the malware uses a vulnerability in a slideshow plug-in called Slider Revolution. The Slider Revolution team have fixed it with updates. The problem is that the old, vulnerable version of the plug-in is still bundled with WordPress themes, so lots of sites are still using the wrong version.

Researchers at Sucuri are warning that it'll be hard to completely eradicate the malware as long as so many site owners don't know it's there. In addition to removing the malicious code, they will need to update the premium plug-in. If the plug-in came as part of a theme, it won't update automatically. That means site admins will have to manually update if the theme package isn't updated.
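An added example (not from the original post or from Sucuri): a Python inventory of every copy of a plug-in under `wp-content`, marking the copies bundled inside a theme, which are the ones the paragraph above says will not update automatically. The slug `revslider`, the directory layout, the sample versions and the `min_version` argument are assumptions; take the fixed version from the plug-in vendor. A copy whose version cannot be read is reported as outdated.

```python
import os
import re
import tempfile

# Assumption: a plug-in copy is a directory named after its slug whose main PHP
# file carries a standard WordPress "Version:" header comment.
VERSION_RE = re.compile(r"^[ \t/*#@]*Version:[ \t]*([0-9][0-9A-Za-z.\-]*)", re.M | re.I)

def version_key(v):
    """'4.2.0' -> (4, 2); trailing zeros dropped so '4.2' == '4.2.0'."""
    key = [int(p) if p.isdigit() else 0 for p in v.split(".")]
    while key and key[-1] == 0:
        key.pop()
    return tuple(key)

def read_version(plugin_dir):
    """Return the first Version: header in a top-level PHP file, else None."""
    for name in sorted(os.listdir(plugin_dir)):
        if name.endswith(".php"):
            with open(os.path.join(plugin_dir, name), errors="replace") as fh:
                m = VERSION_RE.search(fh.read(8192))
            if m:
                return m.group(1)
    return None

def find_copies(wp_root, slug, min_version):
    """List every copy of `slug` under wp-content, flagging bundled or old ones."""
    content = os.path.join(wp_root, "wp-content")
    findings = []
    for dirpath, dirnames, _ in os.walk(content):
        if slug in dirnames:
            dirnames.remove(slug)  # do not descend into the copy itself
            path = os.path.join(dirpath, slug)
            rel = os.path.relpath(path, content).replace(os.sep, "/")
            ver = read_version(path)
            findings.append({"path": rel, "version": ver,
                # copies under themes/ only change when the theme package is updated
                "bundled_in_theme": rel.startswith("themes/"),
                "outdated": ver is None or version_key(ver) < version_key(min_version)})
    return sorted(findings, key=lambda f: f["path"])

def build_sample_site():
    """Constructed sample: one stand-alone copy and one bundled inside a theme."""
    root = tempfile.mkdtemp()
    for rel, ver in (("plugins/revslider", "2.0.0"), ("themes/sampletheme/lib/revslider", "1.0.0")):
        d = os.path.join(root, "wp-content", rel)
        os.makedirs(d)
        with open(os.path.join(d, "revslider.php"), "w") as fh:
            fh.write("<?php\n/*\nPlugin Name: Sample\nVersion: %s\n*/\n" % ver)
    return root
```

Calling `find_copies(build_sample_site(), "revslider", "2.0.0")` reports the stand-alone copy as current and the theme-bundled copy as both bundled and outdated.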

 

Gaming site Dulfy was one of the first infected domains to fix the problem by removing code and going behind a firewall, but it may persist on blogs with less diligent administrators indefinitely. And Dulfy's admin isn't sure the fix is permanent.

 

Over 70 million sites use WordPress as a content management system, from personal blogs to Time.com. This malware attack only affects self-hosted sites that use WordPress, so if you have a personal blog on WordPress.com, you're okay.

 

Of course, if you run a personal blog on WordPress.com but you ever visit sites with the malware, you're a lot less okay. This is bad news for anyone who uses the internet. WordPress sites are incredibly common and Google has only caught a small percentage of the infected sites. It's not clear whether the malware distributors are aiming to steal data or do something else nefarious, but unless this is the first recorded malware attack that's secretly an altruistic mission to infect devices with witty e-cards and free software, it's highly likely that SoakSoak sucks.

 

This is yet another stark reminder that ignoring vulnerabilities is an act of hubris that should not be tolerated.

 

Just to be clear: This is a problem with a third-party WordPress plug-in, not WordPress.

FOR MORE DETAILS SEE SUCURI

 

ARE YOUR WEBSITES PROTECTED?
Sitesassure can help protect your websites. Click here for information on how our security suite can protect your website from the SoakSoak WordPress Payload.
