More Than 100,000 WordPress Websites Reportedly Infected by Russian Malware
Updated on July 17 at 1:55 p.m. with comments from a WordPress spokesperson.
Over 100,000 WordPress sites have been infected by a Russian virus called SoakSoak, which loads an attack code onto webpages created through the uber-popular blogging platform, according to a report by Ars Technica.
Google has already flagged roughly 11,000 malicious domains -- though it is likely that many more than that have been compromised.
According to Gizmodo, more than 70 million total sites use WordPress as a content-management system -- from personal blogs to Time.com. However, only self-hosted sites that use WordPress have been affected by the malware -- meaning personal blogs are okay.
The aim of the hackers and the consequences of the virus -- whether to steal data or otherwise -- remain unclear.
The malware infiltrated WordPress through a vulnerability in a slideshow plug-in called Slider Revolution. While Slider Revolution has since fixed the bug with updates -- it knew about the vulnerability earlier this fall, according to Gizmodo -- the older version of the plug-in is still bundled with many WordPress themes.
“The biggest issue is that the RevSlider plugin is a premium plugin,” wrote Sucuri, an online security firm that was first to identify the infection. “It’s not something everyone can easily upgrade and that in itself becomes a disaster for website owners."
Ars Technica notes that Sucuri also offers a free scanner here, which can determine which sites are actively compromised.
A WordPress spokesperson could neither confirm that 100,000 sites had been infected, nor that 70 million sites use the platform as a CMS.
"Automattic [WordPress.com's parent company] is taking action to protect sites from the vulnerability," the company said in a statement. "VaultPress, a backup and security product, has included protection from this vulnerability since it was first announced back in September."