WordPress websites infected by SoakSoak.ru malware, Google blacklisted over 11k domains, SoakSoak malware decoder, Free SiteCheck scanner, Javascript malware from the SoakSoack.ru
From ars technica December 15, 2014.
“More Than 100,000 WordPress Websites Reportedly Infected by Russian Malware”
“Over 100,000 WordPress sites have been infected by a Russian virus called SoakSoak, which loads an attack code onto webpages created through the uber-popular blogging platform, according to a report by Ars Technica.
Google has already flagged roughly 11,000 malicious domains — though it is likely that many more than that have been compromised.
According to Gizmodo, more than 70 million total sites use WordPress as a content-management system — from personal blogs to Time.com. However, only self-hosted sites that use WordPress have been affected by the malware — meaning personal blogs are okay.
The aim of the hackers and the consequences of the virus — whether to steal data or otherwise — remain unclear.
Related: 5 Lessons Leaders Can Learn From the Sony Hacking Scandal
The malware infiltrated WordPress through a vulnerability in a slideshow plug-in called Slider Revolution. While Slider Revolution has since fixed the bug with updates — it knew about the vulnerability earlier this fall, according to Gizmodo — the older version of the plug-in is still bundled with many WordPress themes.
“The biggest issue is that the RevSlider plugin is a premium plugin,” wrote Sucuri, an online security firm that was first to identify the infection. “It’s not something everyone can easily upgrade and that in itself becomes a disaster for website owners.””
Read more:
Sucuri free website scanner: