On Sunday, 100,000 or more WordPress websites may have been compromised by mysterious malware that causes infected sites to download malicious code and attack site visitors. Due to the severity of the attack, Google has already flagged more than 11,000 domain names as malicious, but many more sites have been compromised.
Dubbed SoakSoak, the malware exploits a vulnerability in the WordPress plugin RevSlider. The malware modifies the file “wp-includes/template-loader.php”, which causes a line of code to be loaded on every single page of a WordPress website.
While the RevSlider vulnerability has been fixed, older versions of the plugin remain vulnerable to attacks. This is mainly because the plugin is bundled with WordPress themes, which still use the previous version of the plugin. Unless site owners update the plugin immediately, they remain vulnerable to malware attacks.
Researchers at Sucuri are warning that the malware will be hard to completely eliminate. As long as site owners are not aware of the malware’s existence, the code will remain in place. Sites that have been infected are advised to remove the code and to update the plugin.
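One way to spot the kind of change described above, added here as an example and not taken from Sucuri or the original article: compare the installed wp-includes/template-loader.php against a pristine copy of the same WordPress version and list the lines that are not in the reference. The function names, directory layout and sample file contents are constructed for illustration, and the injected line is a placeholder, not the real payload.

```python
import difflib
import tempfile
from pathlib import Path

# The core file the article says SoakSoak modifies.
TARGET = "wp-includes/template-loader.php"

def injected_lines(clean: str, installed: str) -> list[tuple[int, str]]:
    """Return (line_number, text) for lines in `installed` absent from `clean`.

    Trailing whitespace and line endings are normalised so a file that was
    re-uploaded with CRLF endings does not flag every line.
    """
    a = [line.rstrip() for line in clean.splitlines()]
    b = [line.rstrip() for line in installed.splitlines()]
    found = []
    matcher = difflib.SequenceMatcher(None, a, b, autojunk=False)
    for tag, _i1, _i2, j1, j2 in matcher.get_opcodes():
        if tag in ("insert", "replace"):
            found += [(n + 1, b[n]) for n in range(j1, j2) if b[n]]
    return found

def check_install(site_root: Path, clean_root: Path, rel: str = TARGET):
    """Compare one core file in a live install against a pristine copy."""
    live, ref = site_root / rel, clean_root / rel
    if not ref.is_file():
        raise FileNotFoundError(f"no reference copy at {ref}")
    if not live.is_file():
        return [(0, "<file missing from install>")]
    return injected_lines(ref.read_text(errors="replace"),
                          live.read_text(errors="replace"))

# Constructed sample: a stand-in core file and a tampered copy of it.
CLEAN = "<?php\n// stand-in for the shipped file\nrequire 'a.php';\n"
TAMPERED = ("<?php\r\n// stand-in for the shipped file\r\n"
            "placeholder_injected_call();\r\nrequire 'a.php';\r\n")

def demo():
    """Build a throwaway 'site' and 'clean' tree and run the comparison."""
    with tempfile.TemporaryDirectory() as tmp:
        site, ref = Path(tmp, "site"), Path(tmp, "clean")
        for root, body in ((site, TAMPERED), (ref, CLEAN)):
            (root / TARGET).parent.mkdir(parents=True)
            (root / TARGET).write_bytes(body.encode())
        return check_install(site, ref)

if __name__ == "__main__":
    for lineno, text in demo():
        print(f"{TARGET}:{lineno}: not in reference copy: {text}")
```

The reference tree must come from a clean download of the same WordPress version as the live site, otherwise legitimate differences between releases will be reported too.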
If you believe that your WordPress website is infected, Sucuri has provided a free site scanner to check for infections. The tool can be found here: http://sitecheck.sucuri.net/
More information is available at: http://arstechnica.com/security/2014/12/some-100000-or-more-wordpress-sites-infected-by-mysterious-malware/