New Russian Malware Impacts 100,000 WordPress Sites

Google blacklisted more than 10,000 domains compromised with a piece of malware dubbed SoakSoak, according to virus researchers.

Up to 100,000 WordPress sites may be vulnerable to the malicious campaign, Sucuri said. Any version of WordPress that uses a popular slideshow plugin called “Slider Revolution” or RevSlider can fall victim to SoakSoak.

In September, researchers discovered a zero-day vulnerability in the plugin that allows an attacker to download any file from the site’s server, including database credentials, and compromise the website via the database. The problem lies in the way the plugin is wrapped into theme packages. When it becomes part of a theme, RevSlider’s automatic update mechanism is usually disabled and manual updates need to be performed in a process prone to error.

The SoakSoak malware modifies the file wp-includes/template-loader.php so that a JavaScript file, wp-includes/js/swobject.js, is loaded on every page of the site. Once decoded, that script loads malware from a Russian domain.

The Russian domain that the attackers use to get the malware is currently down.
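Site owners can check an install for the two file-level changes described above. The script below is an added example, not code from Sucuri or from the article's author; the `clean_root` argument (an untouched copy of the same WordPress release, used as a reference) is an assumption of this example.

```python
import hashlib
import sys
from pathlib import Path

# Paths named in the article, relative to the WordPress root.
LOADER = Path("wp-includes/template-loader.php")
DROPPED_JS = Path("wp-includes/js/swobject.js")


def sha256(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()


def check_site(wp_root, clean_root=None):
    """Return a list of findings for one WordPress install.

    clean_root (assumption of this example) is an unpacked, untouched copy of
    the same WordPress release, used as the reference for template-loader.php.
    """
    wp_root = Path(wp_root)
    findings = []

    # Exact-name match: core ships swfobject.js, which must not be flagged.
    if (wp_root / DROPPED_JS).is_file():
        findings.append(f"unexpected file present: {DROPPED_JS}")

    loader = wp_root / LOADER
    if not loader.is_file():
        findings.append(f"missing core file: {LOADER}")
        return findings

    # The loader has no reason to mention the dropped script's name.
    text = loader.read_text(errors="replace")
    if DROPPED_JS.stem in text:
        findings.append(f"{LOADER} references '{DROPPED_JS.stem}'")

    if clean_root is not None:
        reference = Path(clean_root) / LOADER
        if reference.is_file() and sha256(loader) != sha256(reference):
            findings.append(f"{LOADER} differs from the clean copy")
    return findings


if __name__ == "__main__":
    if len(sys.argv) < 2:
        sys.exit("usage: check_soaksoak.py WP_ROOT [CLEAN_WP_ROOT]")
    results = check_site(*sys.argv[1:3])
    print("\n".join(results) or "no SoakSoak indicators found")
    sys.exit(1 if results else 0)
```

A clean result only means these two indicators are absent; a site still running a vulnerable RevSlider bundled in its theme needs the plugin updated regardless.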

The campaign caused both revenue and reputation losses for WordPress blog owners blacklisted by Google.

About the author

Alexandra GHEORGHE
