If you are using the Sociable WordPress Plugin (plugin with 1,777,161 downloads), be very careful when visiting the plugin’s page settings. We recommend that you disable it or remove it for now, at least until it gets fixed.
A customer alerted us to the issue, when you visit the settings page (e.g., site.com/wp-admin/options-general.php?page=sociable_select) you get a malware warning from Google (this site may harm your computer).
What is going on?
The issue is that the plugin is loading an image from a site that is currently compromised (inside this file: includes/class-sociable_Admin_Options.php):
http://balon24.com.ar/wp-content/plugins/sociable/images/Fueto_Sociable.png
That causes the browser to redirect to http://commitse.ru/ (known malware site). This is what happens when you load that image:
$ curl -D – -A “” http://balon24.com.ar/wp-content/plugins/sociable/images/Fueto_Sociable.png
HTTP/1.1 302 Found
Date: Fri, 07 Sep 2012 21:02:59 GMT
Server: Apache
Location: httx://commitse .ru
Content-Length: 266
Content-Type: text/html; charset=iso-8859-1
There are some discussions on the WordPress forums about it here: http://wordpress.org/support/topic/plugin-sociable-image-causing-malware-detected-flags, but in the mean time, we recommend users delete or disable the plugin.
It doesn’t look like the plugin was compromised, just an external image was used and the site housing that image is currently compromised.
We will post more details when we have it.
Cesar Anjos
Liam Smith
Denis Sinegubko
Ben Martin
7 comments
That’s a common issue when plugins use 3rd party resources as a 3rd party site could be compromised and provide all kinds of external content to the site where the plugin is active
any updates about the plugin?
Thanks for sharing
this information, i truly love your weblog. Keep this good work &
enlighten us with your new post. Thanks.
http://journalpsyche.org/
Comments are closed.