Russian Malware Targets WordPress Users

A Russian malware dubbed SoakSoak has infected nearly 100,000 WordPress websites since Sunday, prompting Google to blacklist over 11,000 of those domains (the number is increasing), according to a report from cybersecurity firm Sucuri.

The malware exploits a previously known vulnerability in a WordPress plugin called Slider Revolution to modify the file wp-includes/template-loader.php, which causes wp-includes/js/swobject.js to be loaded on every page of the site; that script in turn loads the malware from a Russian website.
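A site owner can triage a WordPress docroot for the two file indicators named above. The following is an added example, not code from Sucuri or from this post; the file names are taken as written in the article, while the function names, the optional clean reference copy and the sample docroots are assumptions constructed for the demonstration.

```python
"""Triage a WordPress docroot for the two file indicators named in the article."""
import hashlib
import tempfile
from pathlib import Path

LOADER = Path("wp-includes/template-loader.php")  # file the article says is modified
SCRIPT = Path("wp-includes/js/swobject.js")       # script name as written in the article

def sha256(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def triage(docroot, clean_loader=None):
    """Return findings for one docroot. clean_loader (assumption): path to
    template-loader.php from a pristine copy of the same WordPress release."""
    docroot = Path(docroot)
    findings = []
    loader, script = docroot / LOADER, docroot / SCRIPT
    if script.is_file():
        findings.append(f"present: {SCRIPT.as_posix()}")
    if not loader.is_file():
        findings.append(f"missing: {LOADER.as_posix()}")
        return findings
    # Flag every loader line that mentions the script's base name.
    lines = loader.read_text(errors="replace").splitlines()
    for n, line in enumerate(lines, 1):
        if SCRIPT.stem in line:
            findings.append(f"reference: {LOADER.as_posix()}:{n}: {line.strip()}")
    # Any difference from the pristine core file is worth a manual diff.
    if clean_loader is not None and sha256(loader) != sha256(clean_loader):
        findings.append(f"modified: {LOADER.as_posix()} differs from clean copy")
    return findings

def demo():
    """Build one clean and one tampered docroot (both constructed) and triage them."""
    with tempfile.TemporaryDirectory() as tmp:
        clean, bad = Path(tmp, "clean"), Path(tmp, "bad")
        for root in (clean, bad):
            (root / SCRIPT.parent).mkdir(parents=True)
            (root / LOADER).write_text("<?php\n// constructed stand-in for the core file\n")
        # Constructed tampering: one extra loader line plus a harmless placeholder script.
        with open(bad / LOADER, "a") as fh:
            fh.write("wp_enqueue_script('swobject'); // constructed sample line\n")
        (bad / SCRIPT).write_text("/* constructed placeholder, no payload */\n")
        return triage(clean, clean / LOADER), triage(bad, clean / LOADER)

if __name__ == "__main__":
    for result in demo():
        print(result or "no indicators")
```

A hash mismatch alone only means the loader is not the stock file for that release, so confirm with a diff against the clean copy before restoring it.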

The malware campaign is targeting WordPress users running Internet Explorer on Windows and is also making use of a number of new backdoor payloads, some of which are being injected into images to further assist evasion while others are being used to inject new administrator users into vulnerable WordPress


Posted on December 17, 2014, in Sri Lanka.
