Daily Archives: December 17, 2014

Russian Malware Targets WordPress Users

A Russian malware dubbed SoakSoak has infected nearly 100,000 WordPress websites since Sunday, prompting Google to blacklist over 11,000 of those domains (the number is increasing), according to a report from cybersecurity firm Sucuri.

The malware exploits a previously-known vulnerability in a WordPress plugin called Slider Revolution to modify the file wp-includes/template-loader.php, causing the wp-includes/js/swobject.js to be loaded on every page on the site, which in turn loads the malware from a russian website.

The malware campaign is targeting WordPress users running Internet Explorer on Windows and is also making use of a number of new backdoor payloads, some of which are being injected into images to further assist evasion while others are being used to inject new administrator users into vulnerable WordPress

Advertisements
%d bloggers like this: