Security Alert: Is Your WordPress Site Hosting Blackhole Malware?

According to security firm Sophos, a major malware campaign now underway is using insecure WordPress sites (not sites that are up to date and secured) to install harmful software on the computers of unwitting visitors.

The campaign works like this:

  1. An email is sent to a random person with the subject line, “Verify your order.”
  2. In the email is a link to a malware-infected WordPress site. (These are legitimate sites that have been compromised.)
  3. Clicking on the link takes the person to the infected site, and an attempt is made to install malware onto the visitor’s PC by using the Blackhole Exploit Kit.

The emails, says Sophos, typically take the following form:

Subject: Verify your order

Message body:

Dear [name], please verify your order #[random number] at [LINK]

We hope to see you again soon!
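
A mail filter can match on this template. The Python below is an added example, not code from Sophos or from this article: it checks a raw message against the subject and body shape quoted above and pulls out the links for reputation checks. The function names and both sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from email.header import decode_header, make_header

SUBJECT = "verify your order"
# Body shape from the template above: "please verify your order #<digits> at <link>"
BODY_RE = re.compile(r"please\s+verify\s+your\s+order\s+#\s*(\d+)\s+at\b", re.I)
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def body_text(msg):
    """Join every text/* part, undoing base64 / quoted-printable encoding."""
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)

def check_message(raw_message):
    """Return which parts of the reported template a raw RFC 5322 message matches."""
    msg = message_from_string(raw_message)
    # Decode RFC 2047 encoded-words and collapse whitespace before comparing.
    subject = str(make_header(decode_header(msg.get("Subject", ""))))
    subject_match = " ".join(subject.split()).lower() == SUBJECT
    text = body_text(msg)
    m = BODY_RE.search(text)
    return {
        "subject_match": subject_match,
        "order_number": m.group(1) if m else None,
        "links": URL_RE.findall(text),  # candidates for URL reputation checks
        "suspicious": subject_match and m is not None,
    }

# Constructed sample messages (not real campaign mail); hosts are placeholders.
PHISH = (
    "From: orders@shop.example\nSubject: Verify your order\n"
    "Content-Type: text/plain; charset=utf-8\n\n"
    "Dear Alex, please verify your order #48213 at http://blog.example/order\n\n"
    "We hope to see you again soon!\n"
)
BENIGN = (
    "From: orders@shop.example\nSubject: Your order has shipped\n\n"
    "Hi Alex, order #48213 is on its way.\n"
)

if __name__ == "__main__":
    for name, raw in (("PHISH", PHISH), ("BENIGN", BENIGN)):
        print(name, check_message(raw))
```

Requiring both the subject and the body shape keeps ordinary order mail from being flagged; the extracted links still need a separate check, since the landing pages are legitimate sites that have been compromised.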

Sophos also reports an uptick in similar phishing schemes using “emails posing as traffic tickets from NYC, rejected wire transfer notifications and fake Facebook photo tag notifications.”

Sophos says it has detected the following malware in connection with the current campaign: Troj/PDFEx-GD, Troj/SWFExp-AI, Mal/ExpJS-N and Troj/Agent-XDM.

It bears repeating that this is not an issue with the current version of WordPress, so make sure you are running the latest version of WordPress, as well as up-to-date versions of all your plugins.

A quick and easy place to check your site for malware is’s site-check page.
