
Tuesday, 16 December 2014

Thousands of WordPress websites infected

Hundreds of thousands of websites running WordPress have been infected by a piece of malware called SoakSoak, delivered through a vulnerable third-party plug-in, even though the plug-in's developers had known about the flaw since the beginning of the year.
The attack has prompted Google to flag more than 11,000 domains hosting a WordPress website as malicious. WordPress is an open-source content management system used by a huge number of websites: as of August 2013 it was behind 23.2 per cent of the top ten million websites in the world, and more than 60 million websites are thought to run it.
Websites running a third-party plug-in called Slider Revolution are being hacked and injected with malicious code that in turn attempts to infect visitors to the site. The plug-in's developers, ThemePunch, have admitted that they knew about the vulnerability in February this year but kept quiet about it.
Instead of making a public announcement it quietly developed 29 security fixes from February to September, resisting a public call for action because of a “fear that an instant public announcement would spark a mass exploitation of the issue”.
The company had hoped that most users would install these updates, solving the problem, but it now admits that this was “sadly not the case”.
“We as a team would like to apologise officially to our clients for the problems that arised [sic] due to the security exploit in Revolution Slider Plugin versions older than 4.2,” it says on its website.
Security firm Sucuri said in a blog post that the attack was having an impact on “hundreds of thousands” of Wordpress websites.
“We cannot confirm the exact vector, but preliminary analysis is showing correlation with the Revslider vulnerability we reported a few months back,” it said.
Slider Revolution is an $18 WordPress plug-in that offers advanced image display options.
The infection is likely to persist for some time because the plug-in does not update automatically in every situation, for example when it is bundled inside a custom theme package rather than installed as a stand-alone plug-in, so an outdated copy can sit unnoticed inside a theme long after the fix was released.
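Because the fix only reaches copies that go through the normal plug-in update path, the practical check for a site owner is to look for every copy of the plug-in in the install, not just the one under wp-content/plugins, and compare its version against the 4.2 cut-off the vendor named. The script below is an added example written for this page, not code from the article, ThemePunch or Sucuri. It assumes (the page does not say) that the plug-in's main file is named revslider.php and carries a standard WordPress plugin header with a "Version:" line; the sample install it builds in a temporary directory is constructed for demonstration.

```python
"""Scan a WordPress tree for Slider Revolution copies older than 4.2.

Added example, not from the article or the plug-in vendor. Assumptions not
stated on the page: the plug-in's main file is revslider.php and carries a
standard WordPress plugin header with a "Version:" line; theme-bundled copies
live somewhere under wp-content/themes/<theme>/.
"""
import os
import re
import tempfile

# The vendor's statement: versions older than 4.2 are affected.
VULNERABLE_BELOW = (4, 2)
VERSION_RE = re.compile(r"^\s*\*?\s*Version:\s*([0-9][0-9.]*)", re.MULTILINE)


def parse_version(text):
    """Return the plugin header version as a tuple of ints, or None if absent."""
    m = VERSION_RE.search(text)
    if not m:
        return None
    return tuple(int(p) for p in m.group(1).strip(".").split("."))


def is_vulnerable(version):
    """True for any version below 4.2 (4.1.x, 3.x, ...); unknown versions are not
    reported as vulnerable here, but the caller should treat them as unverified."""
    return version is not None and version < VULNERABLE_BELOW


def find_revslider_copies(root):
    """Walk a WordPress install and report every revslider.php found.

    Returns a sorted list of (relative path, version string or None, vulnerable).
    The walk covers theme directories as well as wp-content/plugins, because a
    copy bundled in a theme does not receive plug-in updates.
    """
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        if "revslider.php" in files:
            path = os.path.join(dirpath, "revslider.php")
            with open(path, encoding="utf-8", errors="replace") as fh:
                version = parse_version(fh.read())
            rel = os.path.relpath(path, root)
            vstr = ".".join(str(p) for p in version) if version else None
            findings.append((rel, vstr, is_vulnerable(version)))
    return sorted(findings)


def build_sample_install():
    """Create a constructed WordPress layout (sample data, not a real site).

    Three copies: an up-to-date stand-alone plug-in, an outdated copy bundled in
    a theme, and a copy with no version header. Returns the root path.
    """
    root = tempfile.mkdtemp(prefix="wp-")
    samples = {
        "wp-content/plugins/revslider/revslider.php":
            "<?php\n/*\nPlugin Name: Slider Revolution\nVersion: 4.6.0\n*/\n",
        "wp-content/themes/custom-theme/inc/revslider/revslider.php":
            "<?php\n/*\nPlugin Name: Slider Revolution\nVersion: 4.1.4\n*/\n",
        "wp-content/themes/old-theme/revslider/revslider.php":
            "<?php\n/* Plugin Name: Slider Revolution */\n",
    }
    for rel, body in samples.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w", encoding="utf-8") as fh:
            fh.write(body)
    return root


if __name__ == "__main__":
    site_root = build_sample_install()
    for rel, version, vuln in find_revslider_copies(site_root):
        if vuln:
            status = "VULNERABLE"
        elif version is None:
            status = "unknown version"
        else:
            status = "ok"
        print(f"{status:16} {version or '?':8} {rel}")
```

Run it against a real install by replacing the constructed sample root with the site's document root. A copy whose version cannot be read is reported separately rather than marked safe: it still needs to be checked by hand, and a copy found under a theme will have to be updated with the theme or removed, since the plug-in updater will not touch it.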
Some site owners have already removed the malicious code, such as Kristina Hunter, who tweeted: “There was a malware inject affecting multiple Wordpress sites. We have removed the bad files but it may take a bit for warnings to go away”.
Only self-hosted WordPress installations are at risk; anyone else is safe and no further action is necessary. The developers of the website were not available for comment at the time of writing.
