From ars technica December 15, 2014.

“More Than 100,000 WordPress Websites Reportedly Infected by Russian Malware”

“Over 100,000 WordPress sites have been infected by a Russian virus called SoakSoak, which loads an attack code onto webpages created through the uber-popular blogging platform, according to a report by Ars Technica.

Google has already flagged roughly 11,000 malicious domains — though it is likely that many more than that have been compromised.

According to Gizmodo, more than 70 million total sites use WordPress as a content-management system — from personal blogs to Time.com. However, only self-hosted sites that use WordPress have been affected by the malware — meaning personal blogs are okay.

The aim of the hackers and the consequences of the virus — whether to steal data or otherwise — remain unclear.

Related: 5 Lessons Leaders Can Learn From the Sony Hacking Scandal

The malware infiltrated WordPress through a vulnerability in a slideshow plug-in called Slider Revolution. While Slider Revolution has since fixed the bug with updates — it knew about the vulnerability earlier this fall, according to Gizmodo — the older version of the plug-in is still bundled with many WordPress themes.

“The biggest issue is that the RevSlider plugin is a premium plugin,” wrote Sucuri, an online security firm that was first to identify the infection. “It’s not something everyone can easily upgrade and that in itself becomes a disaster for website owners.””

Read more:

http://arstechnica.com/security/2014/12/some-100000-or-more-wordpress-sites-infected-by-mysterious-malware/

Sucuri free website scanner:

http://sitecheck.sucuri.net/