
SoakSoak Malware Compromises 100,000+ WordPress Websites


On Sunday, December 14, 2014, Google blacklisted over 11,000 domains in connection with this latest malware campaign from SoakSoak.ru.


Our analysis is showing impacts on the order of hundreds of thousands of WordPress-specific websites. We cannot confirm the exact vector, but preliminary analysis is showing a correlation with the Revslider vulnerability we reported a few months back.


The campaign seems to be affecting most hosts across the WordPress hosting spectrum.

The code added to infected sites is:

http://122.155.168.105/ads/inpage/pub/collect.js

SoakSoak Malware Anatomy

The malware modifies the file wp-includes/template-loader.php, which causes wp-includes/js/swfobject.js to be loaded on every page you view on the site; swfobject.js is the file that includes the malware.

When decoded, this malware loads JavaScript malware from the SoakSoak.ru domain, specifically this file: hxxp://soaksoak.ru/xteas/code
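A local check of the two files named above for this page's indicators, given here as an added example and not code from the original post or from Sucuri. It assumes the payload is percent-encoded (the page only says it must be "decoded") and that a stock template-loader.php does not mention swfobject; `scan_wordpress`, `decoded_views` and `build_sample` are hypothetical names, and the sample tree is constructed and inert.

```python
import tempfile
from pathlib import Path
from urllib.parse import unquote

# Indicators and file paths taken from this page.
INDICATORS = ("soaksoak.ru", "122.155.168.105/ads/inpage/pub/collect.js")
TARGETS = ("wp-includes/template-loader.php", "wp-includes/js/swfobject.js")

def decoded_views(text, max_rounds=3):
    """Return the raw text plus successive percent-decoded forms.
    Percent-encoding is an assumed obfuscation; the page only says 'decoded'."""
    views = [text]
    for _ in range(max_rounds):
        nxt = unquote(views[-1])
        if nxt == views[-1]:
            break
        views.append(nxt)
    return views

def scan_wordpress(root):
    """Return sorted (relative_path, finding) pairs for the two named files."""
    findings = set()
    for rel in TARGETS:
        path = Path(root) / rel
        if not path.is_file():
            continue
        text = path.read_text(encoding="utf-8", errors="replace")
        for view in decoded_views(text):
            findings.update((rel, ioc) for ioc in INDICATORS if ioc in view.lower())
        # Heuristic (assumption): stock template-loader.php does not mention swfobject.
        if rel.endswith("template-loader.php") and "swfobject" in text.lower():
            findings.add((rel, "references swfobject"))
    return sorted(findings)

def build_sample(root):
    """Write a constructed, inert sample tree: one encoded indicator, one reference."""
    encoded = "".join(f"%{ord(c):02x}" for c in "//soaksoak.ru/xteas/code")
    js = Path(root) / TARGETS[1]
    js.parent.mkdir(parents=True)
    js.write_text(f'/* constructed sample */ var u = "{encoded}";\n')
    (Path(root) / TARGETS[0]).write_text("<?php /* constructed */ // swfobject\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for rel, finding in scan_wordpress(tmp):
            print(f"{rel}: {finding}")
```

An empty result does not prove a site is clean: any hit warrants replacing both files with copies from a clean WordPress release of the same version.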

If you believe you are infected, you can use this Free SiteCheck scanner.

