Researchers at Sucuri are warning that it will be hard to completely eradicate the malware so long as many site owners have no idea that it is there. In order to remove, the malicious code, site administrators will need to update the WordPress premium plug-in. According to Daniel Cid from Sucuri, “The biggest issue is that the RevSlider plugin is a premium plugin; it is not something that everyone can easily upgrade and this can easily become a disaster for website owners. Some website owners have no idea they have it, as it has been packaged and bundled into their website themes. We are currently remediating thousands of sites and when engaging with our clients many had no idea the plugin was even within their environment.” In addition, Cid stated that even when website owners try to clean the affected files in their WordPress installation, they may be rapidly re-infected, because of improper cleaning efforts.
Gaming site Dulfy was one of first infected domains to fix the problem by removing code and going behind a firewall, but it may persist on blogs with less diligent administrators indefinitely. In addition, Dulfy’s administrators are not even sure that the fix is permanent. "The firewall will be a temporary measure until we can figure out what is doing it" site owner Kristina Hunter stated.
Over 70 million sites use WordPress as a content management system, from personal blogs to Time.com. This is bad news for anyone who uses the internet. WordPress sites are incredibly common, and Google has only caught a small percentage of the infected sites. Yet, it is not clear if the malware distributors are aiming to steal data or do something even more despicable. In the meanwhile, security researcher Graham Cluley suggested that Google’s decision to blacklist more than 11,000 affected domains soon after the attack was publicized was “a quick-thinking reaction which hopefully will make it more difficult for the attackers to monetize their cybercriminal campaign”.
I could have not written this article without the help of the following sources: