Tag Archives: Website Infection[s]

RevSlider Vulnerability Leads To Massive WordPress SoakSoak Compromise

Yesterday we disclosed a large malware campaign targeting and compromising over 100,000 WordPress sites, and growing by the hour. It was named SoakSoak due to the first domain used in the malware redirection path (soaksoak.ru). After a bit more time investigating this issue, we were able to confirm that the attack vector is the RevSlider More Info »

RSS Reveals Malware Injections

There are multiple different ways to detect invisible malware on a website: You can scrutinize the HTML code of web pages. Use external scanners like SiteCheck or UnmaskParasites. Get alerts from anti-viruses or search engines (both in search results and via their Webmaster Tools). Try to open web pages with different User-Agents and check for More Info »

The Dangers of Hosted Scripts – Hacked jQuery Timers

Google blacklisted a client’s website claiming that malicious content was being displayed from forogozoropoto.2waky.com. A scan didn’t reveal anything suspicious. The next step was to check all third-party scripts on the website. Soon we found the offending script. It was hxxp://jquery.offput.ca/js/jquery.timers.js – a jQuery Timers plugin that was moderately popular 5-6 years ago. Right now, More Info »

WordPress Websites Continue to Get Hacked via MailPoet Plugin Vulnerability

The popular Mailpoet(wysija-newsletters) WordPress plugin had a serious file upload vulnerability a few months back, allowing an attacker to upload files to the vulnerable site. This issue was disclosed months ago, the MailPoet team patched it promptly. It though as many are still not getting the word, or blatantly not updating, because we are seeing More Info »