If you are using the Sociable WordPress Plugin (plugin with 1,777,161 downloads), be very careful when visiting the plugin’s page settings. We recommend that you disable it or remove it for now, at least until it gets fixed.
A customer alerted us to the issue, when you visit the settings page (e.g., site.com/wp-admin/options-general.php?page=sociable_select) you get a malware warning from Google (this site may harm your computer).
What is going on?
The issue is that the plugin is loading an image from a site that is currently compromised (inside this file: includes/class-sociable_Admin_Options.php):
http://balon24.com.ar/wp-content/plugins/sociable/images/Fueto_Sociable.png
That causes the browser to redirect to http://commitse.ru/ (known malware site). This is what happens when you load that image:
$ curl -D – -A “” http://balon24.com.ar/wp-content/plugins/sociable/images/Fueto_Sociable.png
HTTP/1.1 302 Found
Date: Fri, 07 Sep 2012 21:02:59 GMT
Server: Apache
Location: httx://commitse .ru
Content-Length: 266
Content-Type: text/html; charset=iso-8859-1
There are some discussions on the WordPress forums about it here: http://wordpress.org/support/topic/plugin-sociable-image-causing-malware-detected-flags, but in the mean time, we recommend users delete or disable the plugin.
It doesn’t look like the plugin was compromised, just an external image was used and the site housing that image is currently compromised.
We will post more details when we have it.
Pingback: 36 free plugin | various posts,postari diverse,info()
Pingback: Wordpress Manuals, Videos and Advice - In Between Nap Time | The Wordpress Mom()
Pingback: WordPress Security Threats - Sep/2012()
Pingback: WordPress Security Threats – Sep/2012 | D Ness Car Key()