In recent days, WordPress sites have been under attack. Russian malware, known as SoakSoak, has infected over 100,000 sites. SoakSoak is capitalizing on a vulnerability in a WordPress third-party slideshow plugin, called Revslider. You can read more about the compromise at the Sucuri website: http://blog.sucuri.net/2014/12/revslider-vulnerability-leads-to-massive-wordpress-soaksoak-compromise.html
Several months ago, Sucuri noted Revslider had a critical vulnerability which was being exploited. At the time, they noted this premium, popular plugin could not only be downloaded but was also bundled with theme packages. Needless to say, this can create havoc if site owners are not aware they have the plugin installed. Sucuri has provided detailed information on how the vulnerability is being exploited: http://blog.sucuri.net/2014/09/slider-revolution-plugin-critical-vulnerability-being-exploited.html
In order to minimize the impact of this attack, Google is working hard block infected domains. Thus far, the blacklisting has exceeded over 11,000 domains. Keep in mind WordPress sites are commonplace, and Google has only identified a small percentage of the infected domains. If you see the red malware alert screen, please venture back to safety.
At Dalen Design, we take safety and security seriously. Should you need assistance installing patches or plugin upgrades, please contact us.