{"id":7150,"date":"2014-12-17T10:00:31","date_gmt":"2014-12-17T15:00:31","guid":{"rendered":"http:\/\/blog.nccomputertech.com\/?p=7150"},"modified":"2014-12-17T10:00:31","modified_gmt":"2014-12-17T15:00:31","slug":"russian-malware-targets-wordpress-users-over-100000-sites-infected","status":"publish","type":"post","link":"https:\/\/nccomputertech.com\/techtalk\/2014\/12\/17\/russian-malware-targets-wordpress-users-over-100000-sites-infected\/","title":{"rendered":"Russian malware targets WordPress users, over 100,000 sites infected"},"content":{"rendered":"<p><em>Our blog was not affected&#8230;NCCT.<\/em><\/p>\n<p style=\"text-align:center;\"><a href=\"http:\/\/www.techspot.com\/news\/59168-russian-malware-targets-wordpress-users-over-100000-sites.html\"><img data-recalc-dims=\"1\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/nccomputertech.com\/techtalk\/wp-content\/uploads\/2014\/12\/2014-12-16_00-49-04.png\" alt=\"\" \/><\/a><\/p>\n<p>A Russian malware dubbed SoakSoak has infected nearly 100,000 WordPress websites since Sunday, prompting Google to blacklist over 11,000 of those domains (the number is increasing), according to a report from cybersecurity firm Sucuri.<\/p>\n<p>The malware exploits a previously-known vulnerability in a WordPress plugin called Slider Revolution to modify the file wp-includes\/template-loader.php, causing the wp-includes\/js\/swobject.js to be loaded on every page on the site, which in turn loads the malware from a russian website.<\/p>\n<p>The malware campaign is targeting WordPress users running Internet Explorer on Windows and is also making use of a number of new backdoor payloads, some of which are being injected into images to further assist evasion while others are being used to inject new administrator users into vulnerable WordPress installs.<\/p>\n<p>Replacing the aforementioned files is not a permanent solution as it doesn&#8217;t address the leftover backdoors and initial entry points, the report notes. The only way to remove the infection is to make sure that the Slider Revolution plugin you are using is up to date, although Sucuri says it won\u2019t be easy.<\/p>\n<p>\u201cThe biggest issue is that the RevSlider plugin is a premium plugin, it\u2019s not something everyone can easily upgrade and that in itself becomes a disaster for website owners,\u201d the report said, adding that some websites don\u2019t even know they have the plugin as it\u2019s been bundled into their themes.<\/p>\n<p>If you want to check whether your website is infected or not, you can use Sucuri&#8217;s free site scanner.<\/p>\n<p>via <a href=\"http:\/\/www.techspot.com\/news\/59168-russian-malware-targets-wordpress-users-over-100000-sites.html\" target=\"_blank\">Russian malware targets WordPress users, over 100,000 sites infected &#8211; TechSpot<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Our blog was not affected&#8230;NCCT. A Russian malware dubbed SoakSoak has infected nearly 100,000 WordPress websites since Sunday, prompting Google [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[7,9],"tags":[655,1243],"class_list":["post-7150","post","type-post","status-publish","format-standard","hentry","category-security","category-software","tag-malware","tag-wordpress"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/papNkV-1Rk","jetpack-related-posts":[{"id":9930,"url":"https:\/\/nccomputertech.com\/techtalk\/2025\/05\/16\/fbi-says-toss-your-old-router\/","url_meta":{"origin":7150,"position":0},"title":"FBI Says Toss Your Old Router","author":"NCCT","date":"May 16, 2025","format":false,"excerpt":"https:\/\/youtu.be\/scR199zRjvA On Security Now, Steve talks about the FBI's suggestion that we should be tossing out our old routers.","rel":"","context":"In &quot;Security&quot;","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/img.youtube.com\/vi\/scR199zRjvA\/0.jpg?resize=350%2C200","width":350,"height":200},"classes":[]},{"id":9655,"url":"https:\/\/nccomputertech.com\/techtalk\/2021\/03\/09\/fuquay-varina-and-holly-springs-computer-repair\/","url_meta":{"origin":7150,"position":1},"title":"Fuquay Varina and Holly Springs Computer Repair","author":"NCCT","date":"March 9, 2021","format":false,"excerpt":"Welcome to our blog. NC Computer Tech services Fuquay Varina, Holly Springs, and surrounding NC areas. We offer prompt, professional, courteous service with over twenty years of experience dealing with residential and small business clients offering them solutions and fixing their computer and network issues at reasonable rates. Our services\u2026","rel":"","context":"In &quot;Technology&quot;","block_context":{"text":"Technology","link":"https:\/\/nccomputertech.com\/techtalk\/category\/technology\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":9291,"url":"https:\/\/nccomputertech.com\/techtalk\/2018\/01\/22\/this-week-in-tech-650-frumpy-rump\/","url_meta":{"origin":7150,"position":2},"title":"This Week in Tech 650: Frumpy Rump","author":"NCCT","date":"January 22, 2018","format":false,"excerpt":"https:\/\/youtu.be\/HSn_18byc6k EVs and self-driving cars at CES and the Detroit Auto Show. The first cashierless Amazon Go shop opens January 22nd. Apple HomePod is nearly here. Apple hands out $2500 employee stock bonuses as part of its huge cash repatriation plan. Google wants your selfies. Facebook wants you to tell\u2026","rel":"","context":"In &quot;Technology&quot;","block_context":{"text":"Technology","link":"https:\/\/nccomputertech.com\/techtalk\/category\/technology\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/img.youtube.com\/vi\/HSn_18byc6k\/0.jpg?resize=350%2C200","width":350,"height":200},"classes":[]},{"id":9343,"url":"https:\/\/nccomputertech.com\/techtalk\/2018\/05\/27\/this-week-in-tech-668-how-many-cups-in-a-stone\/","url_meta":{"origin":7150,"position":3},"title":"This Week in Tech 668: How Many Cups in a Stone?","author":"NCCT","date":"May 27, 2018","format":false,"excerpt":"https:\/\/youtu.be\/i1oqaFyVcQ0 --The FBI wants you to reboot your router right now. FBI agents have gained control of a huge Russian botnet. If your router is affected you just need to reboot it. --Facebook and Russian ads - how should government react in the age of cyber warfare? --Amazon sells facial\u2026","rel":"","context":"In &quot;Security&quot;","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/img.youtube.com\/vi\/i1oqaFyVcQ0\/0.jpg?resize=350%2C200","width":350,"height":200},"classes":[]},{"id":9339,"url":"https:\/\/nccomputertech.com\/techtalk\/2018\/05\/14\/this-week-in-tech-666-leave-john-legend-um-alone\/","url_meta":{"origin":7150,"position":4},"title":"This Week in Tech 666: Leave John Legend, Um, Alone!","author":"NCCT","date":"May 14, 2018","format":false,"excerpt":"https:\/\/youtu.be\/U_aUjM9MNhk ZTE shuts down, but help is on the way from an unlikely tweet. Google I\/O shows off creepy robocallers and helpful directions. Microsoft Build brings Cortana\/Alexa integration and the return of Kinect. Congress releases over 3500 Russian Facebook election ads. Cambridge Analytica \"dies,\" is reborn as Emerdata. Robocaller gets\u2026","rel":"","context":"In &quot;Microsoft&quot;","block_context":{"text":"Microsoft","link":"https:\/\/nccomputertech.com\/techtalk\/category\/microsoft\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/img.youtube.com\/vi\/U_aUjM9MNhk\/0.jpg?resize=350%2C200","width":350,"height":200},"classes":[]},{"id":9387,"url":"https:\/\/nccomputertech.com\/techtalk\/2018\/07\/29\/this-week-in-tech-677-to-serve-cat\/","url_meta":{"origin":7150,"position":5},"title":"This Week in Tech 677: To Serve Cat","author":"NCCT","date":"July 29, 2018","format":false,"excerpt":"https:\/\/youtu.be\/9koTMZi05pk This Week in Tech Facebook's stock crash, Tesla surfboards, Russia hacks utilities, and more. -- Jason Calacanis tells us what's going on with his buddy Elon Musk. -- Apple fixes the MacBook Pro's throttling issue. -- Facebook and Twitter stock takes a dive over poor growth numbers, but Google\u2026","rel":"","context":"In &quot;Apple&quot;","block_context":{"text":"Apple","link":"https:\/\/nccomputertech.com\/techtalk\/category\/apple\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/img.youtube.com\/vi\/9koTMZi05pk\/0.jpg?resize=350%2C200","width":350,"height":200},"classes":[]}],"_links":{"self":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts\/7150","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/comments?post=7150"}],"version-history":[{"count":0,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts\/7150\/revisions"}],"wp:attachment":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/media?parent=7150"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/categories?post=7150"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/tags?post=7150"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}