18 Sep ALERT!! WordPress Malware – Active VisitorTracker Campaign – TAKE ACTION!
*Danger, Will Robinson! Danger!!*
Sucuri.net is reporting a masive growth of a very nasty malware infection that hits mostly WordPress powered websites.
The biggest takeaway – If your site becomes infected google will blacklist it. This means any and all search engine optimization work you have done will be for nothing as google won’t display your site in their search results.
If you are running a wordpress site that isn’t up to date you are a sitting duck!
- Scan your site for infection – https://sitecheck.sucuri.net/
- Update your wordpress install
- Update your plugins
- Disable plugins you don’t use
If you find an infection, need help updating, want to improve your site or just have questions about it don’t hesitate to contact us!
From the article:
We are seeing a large number of WordPress sites compromised with the“visitorTracker_isMob” malware code. This campaign started 15 days ago, but only in the last few days have we started to see it gain traction; really affecting a large number of sites.
Here is a quick snapshot of what we’re seeing with the infection rates over the past two weeks, but the most interesting trend is over the past 48 hours, as it has grown significantly. These are the daily infection rates:
We initially shared our thoughts on it via our SucuriLabs Notes, but as the campaign has evolved we have been able to decipher more information as we investigate the affects on more compromised sites. This post should serve as a resource to help WordPress administrators (i.e., webmasters) in the WordPress community.
Protect your sites!
We detected thousands of sites compromised with this malware just today and 95% of them are using WordPress. We do not have a specific entry point determined yet, but it seems to be a campaign targeting latest vulnerabilities in plugins. Out of all the sites we detected to be compromised, 17% of them already got blacklisted by Google and other popular blacklists.
If you are a WordPress user, make sure you keep all your plugins updated, including premium ones. I also recommend checking your site via our Free Security / Malware Scanner (SiteCheck) to verify if you’re currently being affected by this campaign. If you’re a system administrator and have access to your server you can use the following command (grep) to search for the infection on your files:
grep -r “visitorTracker_isMob” /var/www/
Once identified, we recommend you proceed with removing the infection and looking for any other indicators of compromise.