Security Alert: Is Your WordPress Site Hosting Blackhole Malware?

According to security firm Sophos, a major malware campaign now underway is using insecure WordPress sites (not up-to-date secured sites) to install harmful software on the computers of unwitting visitors.

The campaign works like this:

  1. An email is sent to a random person with the subject line, “Verify your order.”
  2. In the email is a link to a malware-infected WordPress site. (These are legitimate sites that have been compromised.)
  3. Clicking on the link takes the person to the infected site, and an attempt is made to install malware onto the visitor’s PC by using the Blackhole Exploit Kit.

The emails, says Sophos, typically take the following form:

Subject: Verify your order

Message body:

Dear [name], please verify your order #[random number] at [LINK]

We hope to see you again soon!
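For mail administrators, one way to flag messages that fit the template above is sketched below. This is an added example, not Sophos's detection logic or code from the original article; the function name, the sample messages and the `.example` hosts are constructed for illustration.

```python
import re
from email import message_from_string
from email.policy import default
from urllib.parse import urlsplit

SUBJECT = "verify your order"  # subject line reported for this campaign
# Body shape from the template above: "please verify your order #<number> at <link>"
BODY_RE = re.compile(r"please\s+verify\s+your\s+order\s+#\s*(\d+)\s+at\b", re.I)
HREF_RE = re.compile(r"href\s*=\s*[\"']?([^\"'\s>]+)", re.I)
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)
TAG_RE = re.compile(r"<[^>]+>")


def check_message(raw):
    """Return {'order', 'hosts'} if raw matches the lure template, else None."""
    msg = message_from_string(raw, policy=default)
    if SUBJECT not in (msg["Subject"] or "").lower():
        return None
    part = msg.get_body(preferencelist=("plain", "html"))
    if part is None:
        return None
    body = part.get_content()
    # In HTML mail the destination is in the href, not in the visible link text.
    urls = HREF_RE.findall(body) if part.get_content_subtype() == "html" else []
    text = TAG_RE.sub(" ", body)
    match = BODY_RE.search(text)
    if match is None:
        return None
    urls += URL_RE.findall(text)
    hosts = sorted({h for h in (urlsplit(u.rstrip(".,)")).hostname for u in urls) if h})
    return {"order": match.group(1), "hosts": hosts}


# Constructed sample messages (not real campaign mail); .example hosts are placeholders.
PLAIN = ("From: orders@sender.example\nSubject: Verify your order\n\n"
         "Dear Pat, please verify your order #48213 at "
         "http://blog.example/wp-content/order.html\n\n"
         "We hope to see you again soon!\n")
HTML = ("Subject: Re: Verify your order\nContent-Type: text/html; charset=utf-8\n\n"
        "<p>Dear Sam, please verify your order #7731 at "
        '<a href="http://Shop.example/wp-includes/a.htm">this page</a></p>\n')
BENIGN = "Subject: Verify your order\n\nYour order has shipped. Thanks!\n"

if __name__ == "__main__":
    for name, raw in (("plain", PLAIN), ("html", HTML), ("benign", BENIGN)):
        print(name, check_message(raw))
```

A match only means the message has the shape of the lure; the extracted hosts still need to be checked before any site is treated as compromised.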


Sophos also reports an uptick in similar phishing schemes using “emails posing as traffic tickets from NYC, rejected wire transfer notifications and fake Facebook photo tag notifications.”

According to Sophos, they have detected the following malware in relation to this current campaign: Troj/PDFEx-GD, Troj/SWFExp-AI, Mal/ExpJS-N and Troj/Agent-XDM.

It should be repeated that this is not an issue with the current version of WordPress. Make sure you are running the latest version of WordPress, as well as up-to-date versions of all your plugins.

A quick and easy place to check your site for malware is’s site-check page.



Comments (3)

  1. Good article.

    This seems to be the latest trend; it’s been going for a while. It’s very interesting to see the resurgence of email phishing, but more so of the combination of phishing with malware. What really stinks about phishing sites like these is that there aren’t any links externally from the main site; it’s one of those things you have to know exists and have a direct link to.

    If people find these I’d encourage them to add to the website. Doing so would greatly help, or let someone know, like us at Sucuri, so that we can push upward from there.