A Russian malware called SoakSoak has infected thousands of Wordpress sites causing Google to blacklist more than 11,000 domains, according to researchers at the security firm Sucuri.
The malware basically turns infected Wordpress sites into attack platforms that target their visitors.
And it looks as if this malware will be very difficult to expunge as long as site owners aren't aware it is there.
According to the researchers, the problem stems from a vulnerability in a slideshow plug-in called Slider Revolution, or as the security researchers refer to it, RevSlider.
Hackers have used this vulnerability as a point of penetration where they can upload a backdoor and infect malware into all websites that share the same server account. Basically, this means that even Wordpress sites that don't use the RevSlider plug-in can be infected, too. Yikes.
To make things worse, it appears the malware evolves. According to the researchers, some sites are showing variations of the malware. The first versions of the malware discovered used two files, while some later discovered used three.
If you use Wordpress as your own content-management system and want to know if your site has been affected, the folks over at Securi suggest using their free SiteCheck scanner for a check-up.
—By CNBC's Cadie Thompson.