A Russian computer virus, called SoakSoak, has infected 100,000 WordPress websites. The purpose of the attack is unknown at this time. The malware changes the site into an attack platform that will target visitors to the site, according to Entrepreneur.
The malware was loaded onto sites through the Slider Revolution plugin (RevSlider). The RevSlider plugin is often packaged into site bundles, so owners can be unaware if their site even runs this plugin.
"The biggest issue is that the RevSlider plugin is a premium plugin, it’s not something everyone can easily upgrade and that in itself becomes a disaster for the website owner," online security firm Sucuri stated. "We’re currently remediating thousands of sites and when engaging with our clients many had no idea the plugin was even within their environment,” reported ArsTechnica.
The makers of RevSlider knew of the vulnerability of their plugin all year but decided to keep quiet until September. They had hoped users would install updates that would solve the problem. However, many users did not update the plugin, according to The Telegraph.
Sucuri has a free tool that site owners can use to check if their site was infected: http://sitecheck.sucuri.net/
Removing the malware involves deleting the malicious code. However, as ArsTechnica stated, simply deleting the code will leave open backdoors and entry points that will cause you to be reinfected almost immediately. The only way to stop the attacks is to use a good Firewall.