Since last week, over 100,000 WordPress sites have been infected with a mysterious new strain of malware called SoakSoak. The virus turns blogs into potential threats and possesses the capability of turning into a major problem as unsuspecting users would otherwise not question the credibility of the world’s most popular blog-hosting site.
Interestingly, researchers have traced the origins of this malware back to Russia. They claim that the malware uses a vulnerability in a slideshow plug-in called Slider Revolution. However, while an update is available to block the malware, hundreds of thousands of older WordPress sites remain at risk as many site owners simply do not know about its existence and therefore see no need to upgrade their sites.
The malware uses a vulnerability in a slideshow plugin called Slider Revolution
Currently over 70 million websites use WordPress as a content management system, including leading domains like Time.com. Google has claimed that it blocked 11,000 sites in an effort to contain the virus. However, current efforts to stop the malware have only just scratched the surface of the problem.
It is still unclear what the malware aims to achieve – to steal data, or other nefarious objectives, but security teams have been slow to respond to a problem which could have been tackled weeks ago. The Slider Revolution team was apparently aware of the weak spot in its code, but apparently did not deem the threat serious enough to merit consideration. Until a lasting solution is found, it seems as if WordPress- hosted sites will be glancing over their shoulders nervously.