The Pirate Bay clone targets Wordpress sites with Trojan virus; Check for infection

Wikipedia

For people who are hosting sites via Wordpress, you may want to check if your site is running on the latest Flash Player.

Apparently there is a new malware going around victimizing Wordpress sites. The culprit was identified as a Pirate Bay copycat which has been slinging some malware which may pose a big problem, particularly to the folks who may end up infected.

The malware makes use of Wordpress sites' iframe which is eventually tied up to a click fraud scam for some rogue advertising affiliate. Such is a part of an attack whose main purpose is to redirect surfers to thepiratebay (dot)in(dot)ua. It should be noted that the Pirate Bay copycat has no relation to the Pirate Bay mirror site.

The site is said to be actively pushing a dreaded Nuclear exploit kit which exposes the vulnerability of a Flash Player and includes downloading a banking Trojan. Aside from updating the Flash Player for Wordpress, site owners are advised to resort to WP Install and credible up-to-date Wordpress plugins to fend off the said exploit.

Users who visit the site are likewise cautioned on the said infection. For their part, surfers are advised to update their Flash Players as well.

The tactic being used by the Pirate Bay copycat is the same campaign used last year known as "SoakSoak". SoakSoak took advantage of RevSider vulnerability and was a massive campaign discovered by web security company Sucuri.

For Wordpress owners who want to determine if their site is one of the unfortunate victims of the Pirate Bay Clone, Malwarebytes provides some instructions on how to do so. This includes looking for a code which may intentionally be hidden.

A free sitecheck tool from Sucuri is another option to check if their Wordpress site is infected. You can find the tool here.