News has surfaced that some 100,000 websites running on Wordpress have been compromised and were turned into attack platforms. Google has flagged around 11,000 of these sites already, but there are still many more that remain infected.
Hackers appear to have exploited a vulnerability in the RevSlider plugin that allows them to take control of the plugin and subsequently hijack the website. Once this is done, a malware package is uploaded that redirects visitors to another domain known as soaksoak.ru. The hackers also inject more malware into other parts of the site and add new administrative profiles to provide them with longer term control and make it harder to secure the site.
Some users are reporting that replacing the swfobject.js and template-loader.php files will remove the infection. However, it is warn that while this is true, it does not remove the attack vector and the website is usually quickly compromised again. Sucuri, the internet security firm that first discovered the issue, has warned that the RevSlider vulnerability will take a while to remedy as it is a premium plugin which makes it difficult for admins to upgrade on their own.
Until a fix can be fully deployed internet users should be wary of being redirected. Sucuri has a web scanner that is capable of checking for the hijacked sites that will detect this latest vulnerability for those who are concerned about their own domains.
[Source: Sucuri; via: Ars Technica]
