Google blacklists Connah's Quay Town Council website after malware attack

News and Info from Deeside, Flintshire, North Wales

This article is old - Published: Sunday, Dec 28th, 2014

Connah’s Quay Town Council (CQTC) website is currently being blocked by Google after it appears to have become infected with Malware – Software which is specifically designed to disrupt or damage website’s and computer systems.

Screenshot from 2014-12-28 10:27:01

Last week, Google blacklisted thousands of sites infected by a virus similar to ‘SoakSoak’ an infamous strand of malware specifically designed to attack the vulnerabilities of websites such as Connah’s Quay Town Council, which like many others is built using ‘WordPress’ an open source website creation tool.

The malware finds it’s way into websites via plugins, bits of software that extend the functionality of WordPress websites, attackers inject malicious code into various files after vulnerabilities are discovered in a websites plugins.

This current malware campaign is targeting older versions of a popular WordPress plugin called RevSlider, versions prior to 4.2 are being exploited, updates have been pushed to those websites running the plugin however, the security patch has to be run manually by the sites ‘webmaster’ – failure to run the patch can lead to a malware infection which in turn can lead to those people visiting infected websites having their own computers infected.

SoakSoak is particularly nasty bug, once inside a website it will infect every page and open a host of ‘back doors’ up to further attack, cleaning the malware out requires a degree of expert knowledge and although it is straightforward reports suggest it can reappear quite quickly.

For those who think they may have an infected website Sucuri.net runs a free site checker which scans any webpage to see if it has been infected with SoakSoak or similar malware.

If your site is infected with ‘SoakSoak’ specifically, Sucuri recommends the deletion of two files if they are f — swfobject.js and template-loader.php — which will get rid of the initial infection however, a website will still be left vulnerable and likely to be infected again quickly.

Prevention is always better than cure and using a website firewall, such as those offered by Sucuri themselves as well as other internet security firms is perhaps the best bit of advice we could offer, sadly as seen with many other websites we’ve come across locally, when trying to cut corners and save a few quid website ‘designers’ often ‘forget’ to add simple security features to their creations, leaving owners with sizeable bills from professionals who have to clear up the mess.