SoakSoak Malware Compromises 100,000+ WordPress Websites
On Sunday, December 14, 2014, Google blacklisted over 11,000 domains affected by this latest malware campaign from SoakSoak.ru.
Our analysis shows an impact on the order of hundreds of thousands of WordPress-specific websites. We cannot confirm the exact vector, but preliminary analysis shows a correlation with the Revslider vulnerability we reported a few months back.
The campaign seems to be affecting most hosts across the WordPress hosting spectrum.
The code added to infected sites is:
SoakSoak Malware Anatomy
The malware modifies the file wp-includes/template-loader.php, which causes wp-includes/js/swfobject.js, the file that includes the malware, to be loaded on every page you view on the site.
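One way to check the two files named above without knowing the injected code is to compare them with a clean copy of the same WordPress version. This is an added example, not code from the original post; the function names, status labels and demo file contents are assumptions constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# The two WordPress core files the article names.
SOAKSOAK_FILES = (
    "wp-includes/template-loader.php",
    "wp-includes/js/swfobject.js",
)

def sha256_of(path):
    """SHA-256 hex digest of a file, or None if it does not exist."""
    if not path.is_file():
        return None
    return hashlib.sha256(path.read_bytes()).hexdigest()

def check_core_files(site_root, clean_root, files=SOAKSOAK_FILES):
    """Compare files in site_root with a clean tree of the same WordPress version."""
    results = {}
    for rel in files:
        live = sha256_of(Path(site_root) / rel)
        ref = sha256_of(Path(clean_root) / rel)
        if ref is None:
            results[rel] = "NO_REFERENCE"  # nothing trustworthy to compare against
        elif live is None:
            results[rel] = "MISSING"
        else:
            results[rel] = "OK" if live == ref else "MODIFIED"
    return results

def build_demo_trees(base):
    """Constructed sample: a clean tree and a site tree with both files altered."""
    clean, site = Path(base) / "clean", Path(base) / "site"
    for root in (clean, site):
        (root / "wp-includes/js").mkdir(parents=True)
        (root / "wp-includes/template-loader.php").write_text("<?php // core loader\n")
        (root / "wp-includes/js/swfobject.js").write_text("/* core swfobject */\n")
    for rel in SOAKSOAK_FILES:
        # Placeholder for injected content; not the real SoakSoak code.
        with (site / rel).open("a") as fh:
            fh.write("// constructed placeholder for injected content\n")
    return site, clean

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        site, clean = build_demo_trees(tmp)
        for rel, status in check_core_files(site, clean).items():
            print(f"{status:12} {rel}")
```

Any file reported as MODIFIED should be inspected and restored from the clean copy. WP-CLI's `wp core verify-checksums` performs the same kind of comparison for all core files against the checksums published by WordPress.org.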
If you believe you are infected, you can use this Free SiteCheck scanner.