More than 100,000 WordPress websites have been infected with malware after attackers exploited a plug-in called RevSlider, which is popular among websites. The attack is meant to turn WordPress sites into distributors of malware to their visitors.
This has prompted Google to blacklist about 11,000 WordPress domains, and it is believed this move by the search engine will keep the situation from spreading even further, according to a blog post published by Menifee, California-based security company Sucuri.
The new malware originates from SoakSoak.ru. SoakSoak changes a file in the website's WordPress installation and loads JavaScript malware. When visitors click on an infected website, they are redirected to another page and prompted to download the malware onto their computers.
RevSlider is such a popular plug-in that many website owners may be unaware they even have it. This lack of awareness could be devastating, since owners have to update their plug-ins regularly.
“The biggest issue is that the RevSlider plugin is a premium plugin, it’s not something everyone can easily upgrade and that in itself becomes a disaster for website owner,” Daniel Cid of Sucuri stated in the latest post. “Some website owners don’t even know they have it as it’s been packaged and bundled into their themes. We’re currently remediating thousands of sites and when engaging with our clients many had no idea the plugin was even within their environment.”
Sucuri offered readers an update on the situation and noted that it has received a recommendation to replace the swfobject.js and template-loader.php files to remove the infection. However, Sucuri says that although this removes the infection, it does not address the leftover backdoors and entry points.
“The website will be reinfected quickly,” added Sucuri. “If you are affected by this, expect to find yourself riddled with backdoors and infections, you have to not only clean, but also stop all malicious attacks. You can stop malicious attacks through the use of a Website Firewall, ours or someone else, just use a Firewall, a real one preferably.”
In order to protect themselves from another infection, webmasters should either eliminate RevSlider from their websites or pay to update the popular WordPress plug-in.
In the meantime, Sucuri is offering a free tool for site administrators so they can check to see if their sites do have SoakSoak and other types of malware. There are also other methods to remedy malware infection issues, which can be found on the WordPress Support Thread.
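As an added example (not from Sucuri or the original article), the script below lists every RevSlider copy in a WordPress tree, including ones bundled inside themes, and compares the two files named above against a clean copy of the same WordPress version. It assumes the standard `wp-includes` locations for those files, that bundled copies keep "revslider" in their directory name, and that the administrator has unpacked a clean reference tree; the function names are illustrative.

```shell
#!/bin/sh
# Added example: audit a WordPress tree for RevSlider copies and changed core files.
# Usage: sh audit.sh /path/to/site /path/to/clean-wordpress-of-same-version

# Print every directory that looks like a RevSlider copy, including ones bundled in themes.
# Assumption: the copy keeps "revslider" somewhere in its directory name.
find_revslider() {
    find "$1/wp-content" -type d -iname '*revslider*' -prune -print 2>/dev/null | sort
}

# Compare the two files named in the article against a known-clean reference tree.
# Assumption: both live at their standard WordPress locations under wp-includes.
changed_core_files() {
    for rel in wp-includes/js/swfobject.js wp-includes/template-loader.php; do
        if [ ! -f "$1/$rel" ]; then
            echo "MISSING $rel"
        elif ! cmp -s "$1/$rel" "$2/$rel"; then
            # Also reached when the reference copy is absent, so the file gets reviewed.
            echo "MODIFIED $rel"
        fi
    done
}

# Print a combined report; return 1 if anything needs attention, 0 otherwise.
audit_site() {
    report=$(find_revslider "$1" | sed 's/^/REVSLIDER /'; changed_core_files "$1" "$2")
    if [ -z "$report" ]; then
        return 0
    fi
    printf '%s\n' "$report"
    return 1
}

if [ "$#" -eq 2 ]; then
    audit_site "$1" "$2"
fi
```

A clean result for these two files does not rule out the leftover backdoors Sucuri describes; it only shows that these particular files match the reference.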
This isn't the first time that WordPress has experienced this type of breach. We reported this past summer that owners of WordPress websites who had downloaded the very popular MailPoet plug-in were susceptible to infiltration, as hackers could take over the websites through this plug-in.
At around the same time, it was discovered that a plug-in called TimThumb was vulnerable because a certain function was modified to add malicious code onto at-risk websites. This type of modification could have allowed attackers to create, change and delete any files they wanted.
It’s absolutely imperative for every single WordPress owner to update their plug-ins on a regular basis.