Outdated WordPress versions leave websites exposed

Sep 22, 2011 08:35 GMT  ·  By

A large-scale WordPress poisoning was discovered after the infection-spreading website was shut down and error messages began appearing on the compromised pages.

As the Sucuri Research blog reveals, this isn't the only mass infection to hit WordPress sites recently: their researchers found a similar one last year. Back then the number of victims was unknown, but this time a simple Google search revealed that the number had risen to 50,000.

I've decided to check it out myself, and it turns out to be true. Google returned 53,000 links to locations that contain the error message.

The error message appeared in place of the malicious links that were supposed to show up at the bottom of the exploited HTML documents. Once the location was taken out of service, error alerts appeared instead of the illegal ads. Besides the “wplinksforwork” domain, I've also noticed another malevolent address called “hemoviestube,” which also seems not to be functional at the moment.

The number of infections might be even higher than the one mentioned above, as websites that don't have PHP error display turned on may not show the warning at all.

The conclusion to be drawn from this massive attack is that while web pages are becoming easier to build, they are becoming harder to protect. With dedicated applications, even inexperienced people can put a site together in a few days, but its security is in most cases forgotten.

Because most of the victim sites ran an outdated version of WordPress, the direct lesson from this hit is that newer releases, especially of web applications, are not made just for fun. In many cases they contain major improvements and fixes that could make the difference.

Malware and blacklist-status scanners are always a good way to check whether your website is safe or vulnerable to attacks. Many such utilities are available online for free, and interpreting their scan results doesn't require any special knowledge.
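As an added example (not code from the article, Sucuri or WordPress), here is a small Python check in the spirit of the scanners mentioned above: it flags the symptom the article describes, a PHP warning leaked into a rendered page, the remote link feed that warning was trying to fetch, and any hostname carrying one of the two labels named in the article. The PHP message format is PHP's general one rather than text quoted from the article, the sample HTML is constructed, and the `.example` hostname is a placeholder.

```python
import re
from urllib.parse import urlparse

# Link-feed domains named in the article; only the second-level label is known,
# so hostnames are matched on that label.
KNOWN_LINK_FEED_LABELS = ("wplinksforwork", "hemoviestube")

# PHP's standard runtime error line, with or without the <b> tags PHP emits when
# html_errors is on (general PHP format, not text quoted from the article).
PHP_ERROR_RE = re.compile(
    r"(?:<b>)?(?P<level>Warning|Notice|Fatal error)(?:</b>)?:\s*(?P<msg>.*?)"
    r"\s+in\s+(?:<b>)?(?P<file>\S+?\.php)(?:</b>)?\s+on\s+line\s+(?:<b>)?(?P<line>\d+)",
    re.IGNORECASE | re.DOTALL,
)
URL_RE = re.compile(r"https?://[^\s'\")<>]+", re.IGNORECASE)

# Constructed sample: a footer whose remote link feed has gone offline, so the
# fetch error leaks into the page (hostname is a made-up .example placeholder).
SAMPLE_HTML = """<html><body><p>Welcome to my blog</p>
<a href="https://example.org/about">About</a>
<div id="footer"><br />
<b>Warning</b>:  file_get_contents(http://www.wplinksforwork.example/feed.php): failed to open stream: Connection refused in <b>/var/www/wp-content/themes/twentyten/footer.php</b> on line <b>42</b><br />
</div></body></html>"""

def feed_label(host):
    """Return the known link-feed label contained in a hostname, or None."""
    for label in KNOWN_LINK_FEED_LABELS:
        if label in host.lower():
            return label
    return None

def scan_page(html):
    """Return findings for one rendered page:
    php_error_exposed   - a PHP error leaked into the page (display_errors is on)
    remote_fetch_failed - that error came from fetching a URL, i.e. a remote feed
    known_link_feed     - a hostname carrying a label named in the article"""
    findings = []
    for m in PHP_ERROR_RE.finditer(html):
        where = {"file": m.group("file"), "line": int(m.group("line"))}
        findings.append(dict(kind="php_error_exposed", level=m.group("level"), **where))
        for url in URL_RE.findall(m.group("msg")):
            host = urlparse(url).hostname or ""
            findings.append(dict(kind="remote_fetch_failed", host=host, **where))
    for url in URL_RE.findall(html):
        host = urlparse(url).hostname or ""
        label = feed_label(host)
        if label:
            findings.append(dict(kind="known_link_feed", host=host, label=label))
    return findings
```

Run it over the saved HTML of your own pages; a `php_error_exposed` finding on its own already means error display should be switched off in production, and a `remote_fetch_failed` finding points at the theme file and line that pulls content from elsewhere.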