View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
December 17, 2014

Google blacklists WordPress sites over SoakSoak malware

The vulnerability was discovered in February but not disclosed.

By CBR Staff Writer

Thousands of websites running on WordPress have been compromised by SoakSoak malware, which works by exploiting a security flaw in a third party plug-in.

Following the discovery of the flaws, Google has blacklisted over 11,000 domains hosting WordPress websites that might have been affected with the malware, according to California-based security company Sucuri.

ThemePunch, the makers of the $18 plug-in called Slider Revolution, has admitted that its plug-in had a vulnerability which was discovered in February of this year.

The vulnerability could allow installation of malicious SoakSoak code, which infects the systems used to access the infected website.

ThemePunch did not disclose the vulnerability to prevent mass exploitation of the flaw, instead trying to fix the problem by developing 29 security fixes from February through to September.

Themepunch said: "We as a team would like to apologize officially to our clients for the problems that arised due to the security exploit in Revolution Slider Plugin versions older than 4.2.""

The plug-in maker has also advised WordPress users to update all plug-ins used in the website to reduce the damage, and has also asked developers to use WordPress security plug-ins like Wordfence, which can block the vulnerability in some cases.

Content from our partners
Powering AI’s potential: turning promise into reality
Unlocking growth through hybrid cloud: 5 key takeaways
How businesses can safeguard themselves on the cyber frontline

Security firm Sucuri said: "We cannot confirm the exact vector, but preliminary analysis is showing correlation with the Revslider vulnerability we reported a few months back."

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.