Hundreds of thousands of websites running Wordpress have been infected by a piece of malware called SoakSoak via a third-party plug-in, even though the plug-in's developers knew about the vulnerability at the beginning of the year.
The attack has prompted Google to flag more than 11,000 domains hosting a Wordpress website as malicious. Wordpress is an open source content management system used by a huge number of websites. As of August 2013 it was behind 23.2 per cent of the top ten million websites around the world, and it is thought that more than 60m websites use it.
Now it seems that websites running a third-party plug-in called Slider Revolution are being hacked, and malicious code is being installed that will in turn infect those who visit the website. The developers of the plug-in, ThemePunch, have admitted that they knew about the vulnerability in February this year but kept quiet about it.
Instead of making a public announcement, the company quietly developed 29 security fixes from February to September, resisting a public call for action because of a “fear that an instant public announcement would spark a mass exploitation of the issue”.
The company had hoped that most users would install these updates, solving the problem, but it now admits that this was “sadly not the case”.
“We as a team would like to apologise officially to our clients for the problems that arised [sic] due to the security exploit in Revolution Slider Plugin versions older than 4.2,” it says on its website.
Security firm Sucuri said in a blog post that the attack was having an impact on “hundreds of thousands” of Wordpress websites.
“We cannot confirm the exact vector, but preliminary analysis is showing correlation with the Revslider vulnerability we reported a few months back,” it said.
Slider Revolution is an $18 Wordpress plug-in which offers advanced image display options.
The malware looks set to hang around for some time, as the plug-in will not automatically update in all situations, such as when it is installed as part of a custom theme package.
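Because a copy of the plug-in bundled inside a theme is not touched by the plug-in updater, a site owner has to find every copy and check its version by hand. The following audit script is an added example, not code from the article, Sucuri or ThemePunch; it assumes the plug-in lives in a directory named `revslider` and declares its version in a standard WordPress plug-in header line (`Version: x.y.z`), and the sample install it builds is constructed.

```python
import os
import re
import tempfile
# Vendor-stated fix threshold: copies older than 4.2 need updating.
FIXED_VERSION = (4, 2)
# Standard WordPress plug-in header line, e.g. "Version: 4.1.4".
VERSION_RE = re.compile(r"^\s*\*?\s*Version:\s*([\d.]+)", re.MULTILINE)

def parse_version(text):
    """Return the header version as an int tuple, or None if no header is present."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def is_vulnerable_version(version):
    """True when a parsed version predates the 4.2 fix."""
    return version is not None and version < FIXED_VERSION

def audit_revslider(wp_content):
    """Find every 'revslider' directory under wp-content (plugins or themes) and
    return (relative path, version tuple, needs_update) for each copy."""
    findings = []
    for root, _dirs, files in os.walk(wp_content):
        if os.path.basename(root) != "revslider":  # assumed plug-in directory name
            continue
        version = None
        for name in sorted(files):
            if name.endswith(".php"):
                with open(os.path.join(root, name), encoding="utf-8", errors="ignore") as fh:
                    version = parse_version(fh.read())
                if version:
                    break
        rel = os.path.relpath(root, wp_content).replace(os.sep, "/")
        findings.append((rel, version, is_vulnerable_version(version)))
    return findings

def build_sample_tree():
    """Constructed sample install: a patched copy in plugins/ and a stale copy
    bundled inside a theme, which the plug-in updater would not touch."""
    base = tempfile.mkdtemp()
    header = "<?php\n/*\nPlugin Name: Slider Revolution\nVersion: {}\n*/\n"
    copies = {"plugins/revslider/revslider.php": "4.6.0",
              "themes/custom-theme/inc/revslider/revslider.php": "4.1.4"}
    for rel, ver in copies.items():
        path = os.path.join(base, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(header.format(ver))
    return base

if __name__ == "__main__":
    for rel, ver, stale in audit_revslider(build_sample_tree()):
        print(rel, ver, "NEEDS UPDATE" if stale else "ok")
```

Point `audit_revslider` at a real `wp-content` directory to list every copy; any entry reported with `True` is older than 4.2 and needs replacing even if the plug-in listing in the dashboard looks up to date.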
Some have already taken steps to remove the malicious code, such as Kristina Hunter, who runs dulfy.net. She tweeted: “There was a malware inject affecting multiple Wordpress sites. We have removed the bad files but it may take a bit for warnings to go away”.
Only self-hosted Wordpress installations are at risk. Anyone using Wordpress.com will be safe and no further action is necessary. The developers of the website were not available for comment at the time of writing.