Russian Malware affects 100,000+ WordPress Sites. Many site owners unaware they've been infected.

As Russian malware continues to infect 100,000+ WordPress websites and Google blacklists over 11,000 domains, we show you how to identify if you're at risk.

Website security firm Sucuri have revealed that 100,000+ WordPress websites have been infected with a mysterious Russian malware nicknamed SoakSoak. Google have been quick to take action to protect their users by blacklisting over 11,000 infected sites, effectively taking them offline. Visitors to these infected sites will now find the site replaced with the following warning.

It's a scary proposition to discover your site has been compromised by hackers, and scarier still that Google will blacklist your site and take it offline with no warning. While security firms have yet to establish the goal of the hack, the implications for business owners running their websites on WordPress are clear - clean up your infected site or risk dropping off Google's search results.

To be fair to the WordPress platform, this is not a vulnerability in the core CMS but rather a vulnerability in a popular plugin called Revolution Slider.

The problems for site owners, though, are manifold:

  1. Business owners have very little idea whether their developers have used the RevSlider plugin
  2. RevSlider is used extensively on WordPress sites and is one of its most popular plugins
  3. RevSlider is the default banner slider used on many popular off-the-shelf WordPress themes
  4. WordPress is the most popular blogging and publishing platform but also the biggest target for hackers looking
  5. Google are proactively blacklisting infected sites
  6. Although the plugin has since been patched, the development team did not notify their users of the vulnerability and subsequent patch

So if you *are* running WordPress and wondering if your site is open to attack via RevSlider, here's a very simple way to identify its use.

  • Load the website in a browser
  • Right-click somewhere on the page and choose "View Source" to view the underlying HTML code of your site
  • Look for a reference within the source code to RevSlider. In the example below, we can see "revslider" mentioned

<link rel='stylesheet' id='rs-plugin-settings-css' href='http://yoursite.com/wp-content/plugins/revslider/rs-plugin/css/settings.css?rev=4.6.0&#038;ver=4.0.1' type='text/css' media='all' />

If you do see a reference to RevSlider, it doesn't mean your site has already been hacked but you are at risk. Hackers can effectively take control of your site and access key parts of your site such as your database credentials. The key thing here is to identify the version number. Anything running 4.1.4 or older must be updated immediately. Speak with your Web Development team as soon as possible and organise an upgrade to the patched version of Revolution Slider.
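The manual check above can be scripted when you have many sites to review. The following is an added example, not code from the original article or from the plugin's developers: it scans saved page source for assets loaded from the `revslider` plugin directory and compares the version against the article's 4.1.4 threshold. It assumes the plugin version is the `rev=` query parameter, as in the sample line above; the function names and result labels are hypothetical.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qs

PATCH_THRESHOLD = (4, 1, 4)  # from the article: 4.1.4 or older must be updated
PLUGIN_PATH = "/wp-content/plugins/revslider/"
# The sample line from the article, embedded so the script runs offline.
SAMPLE = ("<link rel='stylesheet' id='rs-plugin-settings-css' "
          "href='http://yoursite.com/wp-content/plugins/revslider/rs-plugin/css/"
          "settings.css?rev=4.6.0&#038;ver=4.0.1' type='text/css' media='all' />")

class RevSliderFinder(HTMLParser):
    """Collect href/src URLs that point into the revslider plugin directory."""
    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            # Attribute values arrive with entities such as &#038; already decoded.
            if name in ("href", "src") and value and PLUGIN_PATH in value.lower():
                self.urls.append(value)

def parse_version(text):
    """Turn '4.6.0' into (4, 6, 0); return None if it is not dotted digits."""
    parts = text.split(".")
    if not all(p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def check_page(html_source):
    """Return 'not-found', 'update-now', 'newer' or 'unknown-version'."""
    finder = RevSliderFinder()
    finder.feed(html_source)
    if not finder.urls:
        return "not-found"
    versions = []
    for url in finder.urls:
        # Assumption: 'rev' carries the plugin version, as in the sample line.
        rev = parse_qs(urlsplit(url).query).get("rev", [])
        version = parse_version(rev[0]) if rev else None
        if version is not None:
            versions.append(version)
    if not versions:
        return "unknown-version"  # plugin present; confirm the version by hand
    # Pad short versions so that 4.1 compares as 4.1.0, then judge the oldest.
    lowest = min(v + (0,) * (3 - len(v)) for v in versions)
    return "update-now" if lowest <= PATCH_THRESHOLD else "newer"

if __name__ == "__main__":
    print(check_page(SAMPLE))
```

A result of `unknown-version` means the plugin is referenced but no version could be read from the page, so the installed version should be confirmed in the WordPress admin before assuming it is patched.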

 

