Rogue AntiVirus keeps going: 200,000 WordPress sites got infected

by Julie Splinters - -

An improved set of high volume injections has been targeting WordPress pages.[1] It appears that the malware has already compromised over 200,000 websites.

fake antivirus

The mass-injections direct potential victims to a false AV site which performs a scan on the device as an element of Windows Security Alert. The window that appears on the screen after the “scan” reminds of a Windows Explorer window which prompts to install an AntiVirus system. This “AntiVirus” system turns out to be a malicious Trojan.

According to Websense Security Labs blog, 85% of the infected WordPress Websites are hosted in the USA. However, the threat goes to everyone who visits these compromised sites.[2]

Senior Malware Analyst Vyacheslav Zakorzhevsky[3] announced that the number of fraudulent AntiVirus programs has been decreasing. Even though false AV notifications fall, those false “windows errors” pop-ups remain.


About the author

Julie Splinters
Julie Splinters - VPN service analyst

Julie Splinters is a VPN service analyst at, who specializes in VPN services and anti-spyware applications. Her major of English Philology and her passion for IT helped her choose the path of an IT writer.

Contact Julie Splinters
About the company Esolutions


now online
Like us on Facebook