Posted: Sun 28th Dec 2014

Google blacklists Connah's Quay Town Council website after malware attack

News and Info from Deeside, Flintshire, North Wales
This article is old - Published: Sunday, Dec 28th, 2014

Connah’s Quay Town Council (CQTC) website is currently being blocked by Google after it appears to have become infected with Malware – Software which is specifically designed to disrupt or damage website’s and computer systems. ‌​‌‌​​​‌‍‌​‌​‌‌‌​‍‌​‌​‌‌​​‍‌​​‌‌‌‌​‍‌​​​​‌‌​‍‌​‌​‌​‌‌‍‌​​‌​‌‌‌‍‌​​‌‌​‌​‍‌​​​​‌‌​‍‌​‌‌‌‌‌​‍‌​​​‌‌​‌‍‌​​‌‌​‌​‍‌​‌​‌​‌‌‍‌​​‌​‌‌‌‍‌​​‌​‌‌​‍‌​​‌‌​‌​‍‌​​​‌​​‌‍‌​​‌‌​‌​‍‌​​​‌‌​​

Screenshot from 2014-12-28 10:27:01 ‌​‌‌​​​‌‍‌​‌​‌‌‌​‍‌​‌​‌‌​​‍‌​​‌‌‌‌​‍‌​​​​‌‌​‍‌​‌​‌​‌‌‍‌​​‌​‌‌‌‍‌​​‌‌​‌​‍‌​​​​‌‌​‍‌​‌‌‌‌‌​‍‌​​​‌‌​‌‍‌​​‌‌​‌​‍‌​‌​‌​‌‌‍‌​​‌​‌‌‌‍‌​​‌​‌‌​‍‌​​‌‌​‌​‍‌​​​‌​​‌‍‌​​‌‌​‌​‍‌​​​‌‌​​

Last week, Google blacklisted thousands of sites infected by a virus similar to ‘SoakSoak’ an infamous strand of malware specifically designed to attack the vulnerabilities of websites such as Connah’s Quay Town Council, which like many others is built using ‘WordPress’ an open source website creation tool. ‌​‌‌​​​‌‍‌​‌​‌‌‌​‍‌​‌​‌‌​​‍‌​​‌‌‌‌​‍‌​​​​‌‌​‍‌​‌​‌​‌‌‍‌​​‌​‌‌‌‍‌​​‌‌​‌​‍‌​​​​‌‌​‍‌​‌‌‌‌‌​‍‌​​​‌‌​‌‍‌​​‌‌​‌​‍‌​‌​‌​‌‌‍‌​​‌​‌‌‌‍‌​​‌​‌‌​‍‌​​‌‌​‌​‍‌​​​‌​​‌‍‌​​‌‌​‌​‍‌​​​‌‌​​

The malware finds it’s way into websites via plugins, bits of software that extend the functionality of WordPress websites, attackers inject malicious code into various files after vulnerabilities are discovered in a websites plugins. ‌​‌‌​​​‌‍‌​‌​‌‌‌​‍‌​‌​‌‌​​‍‌​​‌‌‌‌​‍‌​​​​‌‌​‍‌​‌​‌​‌‌‍‌​​‌​‌‌‌‍‌​​‌‌​‌​‍‌​​​​‌‌​‍‌​‌‌‌‌‌​‍‌​​​‌‌​‌‍‌​​‌‌​‌​‍‌​‌​‌​‌‌‍‌​​‌​‌‌‌‍‌​​‌​‌‌​‍‌​​‌‌​‌​‍‌​​​‌​​‌‍‌​​‌‌​‌​‍‌​​​‌‌​​

This current malware campaign is targeting older versions of a popular WordPress plugin called RevSlider, versions prior to 4.2 are being exploited, updates have been pushed to those websites running the plugin however, the security patch has to be run manually by the sites ‘webmaster’ – failure to run the patch can lead to a malware infection which in turn can lead to those people visiting infected websites having their own computers infected. ‌​‌‌​​​‌‍‌​‌​‌‌‌​‍‌​‌​‌‌​​‍‌​​‌‌‌‌​‍‌​​​​‌‌​‍‌​‌​‌​‌‌‍‌​​‌​‌‌‌‍‌​​‌‌​‌​‍‌​​​​‌‌​‍‌​‌‌‌‌‌​‍‌​​​‌‌​‌‍‌​​‌‌​‌​‍‌​‌​‌​‌‌‍‌​​‌​‌‌‌‍‌​​‌​‌‌​‍‌​​‌‌​‌​‍‌​​​‌​​‌‍‌​​‌‌​‌​‍‌​​​‌‌​​

SoakSoak is particularly nasty bug, once inside a website it will infect every page and open a host of ‘back doors’ up to further attack, cleaning the malware out requires a degree of expert knowledge and although it is straightforward reports suggest it can reappear quite quickly. ‌​‌‌​​​‌‍‌​‌​‌‌‌​‍‌​‌​‌‌​​‍‌​​‌‌‌‌​‍‌​​​​‌‌​‍‌​‌​‌​‌‌‍‌​​‌​‌‌‌‍‌​​‌‌​‌​‍‌​​​​‌‌​‍‌​‌‌‌‌‌​‍‌​​​‌‌​‌‍‌​​‌‌​‌​‍‌​‌​‌​‌‌‍‌​​‌​‌‌‌‍‌​​‌​‌‌​‍‌​​‌‌​‌​‍‌​​​‌​​‌‍‌​​‌‌​‌​‍‌​​​‌‌​​

For those who think they may have an infected website Sucuri.net runs a free site checker which scans any webpage to see if it has been infected with SoakSoak or similar malware. ‌​‌‌​​​‌‍‌​‌​‌‌‌​‍‌​‌​‌‌​​‍‌​​‌‌‌‌​‍‌​​​​‌‌​‍‌​‌​‌​‌‌‍‌​​‌​‌‌‌‍‌​​‌‌​‌​‍‌​​​​‌‌​‍‌​‌‌‌‌‌​‍‌​​​‌‌​‌‍‌​​‌‌​‌​‍‌​‌​‌​‌‌‍‌​​‌​‌‌‌‍‌​​‌​‌‌​‍‌​​‌‌​‌​‍‌​​​‌​​‌‍‌​​‌‌​‌​‍‌​​​‌‌​​

If your site is infected with ‘SoakSoak’ specifically,  Sucuri recommends the deletion of two files if they are f — swfobject.js and template-loader.php — which will get rid of the initial infection however, a website will still be left vulnerable and likely to be infected again quickly. ‌​‌‌​​​‌‍‌​‌​‌‌‌​‍‌​‌​‌‌​​‍‌​​‌‌‌‌​‍‌​​​​‌‌​‍‌​‌​‌​‌‌‍‌​​‌​‌‌‌‍‌​​‌‌​‌​‍‌​​​​‌‌​‍‌​‌‌‌‌‌​‍‌​​​‌‌​‌‍‌​​‌‌​‌​‍‌​‌​‌​‌‌‍‌​​‌​‌‌‌‍‌​​‌​‌‌​‍‌​​‌‌​‌​‍‌​​​‌​​‌‍‌​​‌‌​‌​‍‌​​​‌‌​​

Prevention is always better than cure and using a website firewall, such as those offered by Sucuri themselves as well as other internet security firms is perhaps the best bit of advice we could offer, sadly as seen with many other websites we’ve come across locally, when trying to cut corners and save a few quid website ‘designers’ often ‘forget’ to add simple security features to their creations, leaving owners with sizeable bills from professionals who have to clear up the mess.  ‌​‌‌​​​‌‍‌​‌​‌‌‌​‍‌​‌​‌‌​​‍‌​​‌‌‌‌​‍‌​​​​‌‌​‍‌​‌​‌​‌‌‍‌​​‌​‌‌‌‍‌​​‌‌​‌​‍‌​​​​‌‌​‍‌​‌‌‌‌‌​‍‌​​​‌‌​‌‍‌​​‌‌​‌​‍‌​‌​‌​‌‌‍‌​​‌​‌‌‌‍‌​​‌​‌‌​‍‌​​‌‌​‌​‍‌​​​‌​​‌‍‌​​‌‌​‌​‍‌​​​‌‌​​

  ‌​‌‌​​​‌‍‌​‌​‌‌‌​‍‌​‌​‌‌​​‍‌​​‌‌‌‌​‍‌​​​​‌‌​‍‌​‌​‌​‌‌‍‌​​‌​‌‌‌‍‌​​‌‌​‌​‍‌​​​​‌‌​‍‌​‌‌‌‌‌​‍‌​​​‌‌​‌‍‌​​‌‌​‌​‍‌​‌​‌​‌‌‍‌​​‌​‌‌‌‍‌​​‌​‌‌​‍‌​​‌‌​‌​‍‌​​​‌​​‌‍‌​​‌‌​‌​‍‌​​​‌‌​​

   ‌​‌‌​​​‌‍‌​‌​‌‌‌​‍‌​‌​‌‌​​‍‌​​‌‌‌‌​‍‌​​​​‌‌​‍‌​‌​‌​‌‌‍‌​​‌​‌‌‌‍‌​​‌‌​‌​‍‌​​​​‌‌​‍‌​‌‌‌‌‌​‍‌​​​‌‌​‌‍‌​​‌‌​‌​‍‌​‌​‌​‌‌‍‌​​‌​‌‌‌‍‌​​‌​‌‌​‍‌​​‌‌​‌​‍‌​​​‌​​‌‍‌​​‌‌​‌​‍‌​​​‌‌​​

  ‌​‌‌​​​‌‍‌​‌​‌‌‌​‍‌​‌​‌‌​​‍‌​​‌‌‌‌​‍‌​​​​‌‌​‍‌​‌​‌​‌‌‍‌​​‌​‌‌‌‍‌​​‌‌​‌​‍‌​​​​‌‌​‍‌​‌‌‌‌‌​‍‌​​​‌‌​‌‍‌​​‌‌​‌​‍‌​‌​‌​‌‌‍‌​​‌​‌‌‌‍‌​​‌​‌‌​‍‌​​‌‌​‌​‍‌​​​‌​​‌‍‌​​‌‌​‌​‍‌​​​‌‌​​

Spotted something? Got a story? Send a Facebook Message | A direct message on Twitter | Email: News@Deeside.com

Latest News

  • Jade’s Law: Campaigners triumph as Government u-turns on parental responsibility laws
  • Sports organisations across Wales support NSPCC ‘Keeping Your Child Safe in Sport Week’
  • Rescue pet crisis continues: RSPCA faces biggest ever rehoming challenge

  • More...

    Jade’s Law: Campaigners triumph as Government u-turns on parental responsibility laws

    News

    Sports organisations across Wales support NSPCC ‘Keeping Your Child Safe in Sport Week’

    News

    Rescue pet crisis continues: RSPCA faces biggest ever rehoming challenge

    News

    Alyn and Deeside politicians urge Home Secretary not to appeal Flintshire hotel asylum plans

    News

    National Living Wage set to increase to £11 next April, boosting incomes for 120,000 in Wales

    News

    Flintshire composer Paul Mealor takes charge of prestigious North Wales International Music Festival

    News

    Welsh Water submits £3.5 billion proposal to invest in infrastructure and environmental initiatives

    News

    Residents rally against proposed changes to nighttime cover at Deeside Fire Station

    News

    Mold based NEWSAR called to rescue injured hiker from Moel Sych amid adverse conditions

    News