WARNING – SlideShare embed code adds Malware Script in WordPress Posts


Have you ever embedded a SlideShare presentation (from slideshare.net) in your WordPress blog posts? Go ahead and follow the steps mentioned in this post to check whether those posts are automatically getting any malware script. We have found the malware script on each post on our blogs where SlideShare presentation embed code was used. Here is the complete story.

Update – This issue affects both versions of WP, i.e. self-hosted WordPress and WordPress.com.

Update – We have received a clarification from Jon Boutelle, CTO, SlideShare, that the piece of code (script) in question is an analytics script used to get browsing data about the embedded presentation. Check out the clarification from Jon in the comment area.

What Kind of Malware Script?

It was shocking for me, as I had trusted SlideShare and had already embedded presentations in around 6 – 7 posts. I found the piece of code shown below at the bottom of the post in HTML view on the WordPress Dashboard. When I dug deeper into that code, I found that the script may cause an “Automatic Redirect” of the blog post to some crazy domain. The site is even full of malware and is dangerous for the system.

wordpress-malware-script

Note: I would suggest that you not open the domain highlighted (b.scorecardresearch.com) in the above image if you are not using any security software, as that may cause problems for your system.

How to Find Malware Code in WordPress Posts

Most of the time, I write and edit posts in “Visual” format on the WordPress Dashboard, and the malware code is not visible in that format. As my wife is used to writing and editing in HTML format, she noticed the culprit code. Even if you open the post directly in HTML format (default), you will not find the piece of code. But once you change the format from HTML to Visual and back to HTML for the same post without reloading, you will see the script at the bottom of the post (in HTML view). Here is one of the posts with the malware script visible in HTML view on the dashboard (edit window):

wordpress-slideshare-issue-1

In the above image, I want to show you both Visual and HTML formats for the same post in the WP edit window on the dashboard. You can see there is no indication of malware code in Visual format, but once I changed to HTML format for the same post, I could see two new lines at the bottom of the post. They are nothing but malware script which may cause serious problems for the webpage.

Once I removed the SlideShare embed code from the post and also deleted the script in question, the malware script never appeared again. That’s how I concluded that the malware script is coming because of the SlideShare embed code only.

After that I verified a few posts on my blog which have YouTube embed code, but didn’t find any problem with them.

Why Has Google Still Not Reported Any Malware on the Site?

I use Google Webmaster Tool for many purposes. One of them is to check whether Google is reporting any malware on my site. You can check that in Google Webmaster under the “Diagnostics ==> Malware” section. It was not showing any malware report for my site. Actually, I had never swapped the format from Visual to HTML for the posts having SlideShare embed code. That’s why the malware script never appeared in the page source of the post, and that’s why it never met Google bot.

That’s a relief for me, but you should cross-check Google Webmaster Tool to find any such report for your blog. If you find one, try to detect SlideShare embed code on your blog and remove it ASAP.

What Others Are Saying about This Malware or Untrusted Script

After researching the piece of code a bit, I found that many people are facing the issue. Sites are either redirecting to other untrusted domains or getting malware reports from Google, and some even got a penalty from Google. Here is an image from Mozilla support where a user reported an automatic redirect because of this kind of script.

wordpress-slideshare-issue-2

WordPress users: if you have ever embedded SlideShare presentation embed code in any of your posts, go ahead and review them. If you find this kind of malware script, I would recommend removing the code from there until SlideShare resolves this issue.

Spread the word to let others know about this serious problem with SlideShare embed code in WordPress. I am not sure whether other CMS platforms or embed codes other than SlideShare are also seeing this kind of malware script addition. If you find any information related to this problem, share it through comments.
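One way to run that review over post HTML copied from the editor's HTML view, as an added example that is not code from the original post or from SlideShare: for each post containing a SlideShare embed, it lists every script, frame or image loaded from a domain outside an allowlist. The allowlist, the sample posts and the URL paths in them are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: domains this blog intentionally loads resources from.
ALLOWED_DOMAINS = {"slideshare.net", "youtube.com"}
# Tag -> attribute that makes the browser fetch a remote resource.
LOADING_ATTRS = {"script": "src", "iframe": "src", "img": "src",
                 "embed": "src", "object": "data"}

def in_domain(host, domain):
    """True for the domain itself or any subdomain, not for look-alikes."""
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def is_allowed(host):
    return any(in_domain(host, d) for d in ALLOWED_DOMAINS)

class PostAuditor(HTMLParser):
    def __init__(self):
        super().__init__()
        self.has_slideshare = False
        self.findings = []  # (tag, host) pairs outside the allowlist

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "script" and "src" not in attrs:
            self.findings.append((tag, "(inline)"))  # review by hand
            return
        url = attrs.get(LOADING_ATTRS.get(tag, ""))
        if not url:
            return
        host = urlparse(url).hostname or ""  # also handles //host/path URLs
        if in_domain(host, "slideshare.net"):
            self.has_slideshare = True
        if host and not is_allowed(host):
            self.findings.append((tag, host))

def audit_posts(posts):
    """Return {post_id: findings} for posts that carry a SlideShare embed."""
    report = {}
    for post_id, html in posts.items():
        auditor = PostAuditor()
        auditor.feed(html)
        auditor.close()
        if auditor.has_slideshare and auditor.findings:
            report[post_id] = auditor.findings
    return report

# Constructed sample posts (IDs, embed paths and the .js path are made up).
SAMPLE_POSTS = {
    101: '<iframe src="http://www.slideshare.net/slideshow/embed_code/0000"></iframe>\n'
         '<script src="http://b.scorecardresearch.com/example.js"></script>',
    102: '<iframe src="http://www.youtube.com/embed/XXXX"></iframe>',
    103: '<iframe src="//www.slideshare.net/slideshow/embed_code/0000"></iframe>',
}
```

Calling `audit_posts(SAMPLE_POSTS)` reports only post 101; a finding means a resource is loaded from a domain you did not list, which you then review, not that it is malicious.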

Sanjeev Mishra is a professional blogger and an Internet Marketing Consultant based in India. He has built the Internet Techies to provide you updates in technology and web application area.
  • While we are looking into this, I can assure you that SlideShare does NOT insert malware code.

    Arun,
    SlideShare

  • SlideShare is no doubt one of my favorite places to host or browse presentations and, as I said, it was shocking for me to see such auto-generated script on posts. Someone somewhere is just playing bad with their embed code and is capable of adding malware script to a post’s HTML. Thanks for taking this matter seriously; hope to get some update soon, as it is affecting self-hosted WP as well as wordpress.com sites.

  • b.scorecardresearch.com is not malware but it is a webtracking company, and is associated with Comscore and is breaking websites all over the place. It even made my pages hang and go blank.

    http://forum.thewindowsclub.com/windows-clubhouse/31750-b-scorecardreasearch-com-twc-website.html

  • Thanks Sanjeev for giving a security alert. By the way, I am going to use a jQuery-based carousel; will it help to reduce bounce rate?

  • This is just a comscore analytics link. It’s a javascript call that lets us know stuff like how many people have viewed embeds, how many times have embeds been viewed, what countries have the most embed views, etc.

    It’s very similar to google analytics, quantcast, etc (although it’s a LOT more expensive ;-<).

    Hope this helps.

    -Jon Boutelle
    CTO, SlideShare

  • Thanks Jon for the clarification.

    But as the code appears at the bottom of the post, it is really scary for users. If the code is for tracking data, then I would suggest providing the script in the embed code only. Just a suggestion, as it scared me and even people on the web are reporting site crashes and other issues because of similar code.

    Anyway, updated the post after getting clarification from your side.

  • I agree with Sanjeev.

    These days even the most secure sites in the world (especially the most popular sites like slideshare) are vulnerable to malicious attacks, malware code planting and slideshare isn’t an exception.

    Maybe the team at slideshare should consider the author’s suggestion and provide the script in the embed code only…