wArmour

SoakSoak WordPress Malware – Problems & Solutions

We are starting to see reports around the web of a huge new security issue with WordPress sites that has, conservatively, hit around 100,000+ WordPress sites already, with over 10,000 already blacklisted and removed from Google search results. It would seem, though it is not 100% confirmed, that this has grown out of a known vulnerability in Revslider 4.1.4 and older, which was reported a few months back and is included by default in many WordPress themes. We are likely seeing a well-coordinated attack exploiting an old issue that has been left largely unpatched by most site owners, designers and developers.

SoakSoak.ru

The malicious code is seemingly hosted on SoakSoak.ru (purposely not linked). Visiting this page in Google Chrome produces the following security advisory:

Chrome Browser Vulnerability Warning for the Soak Soak Vulnerability

SoakSoak Details

It would seem the exploit modifies wp-includes/template-loader.php to load a file called wp-includes/js/swobject.js on every page. This file then loads a JavaScript file from SoakSoak.ru: hxxp://soaksoak.ru/xteas/code.

Impact

The virus will try to download files to visitors' computers and infect them, which is clearly not a great user experience for your customers. Google will pick up on this pretty quickly and your site will be blacklisted: search results will carry a notification that the site may harm visitors' computers, and major browsers will show a warning screen like the one above when users click through. Additionally, trust is harmed and hacked sites will tumble from search results. AdWords accounts will also be suspended whilst a site is penalised. Not a great way to spend the last shopping week before Christmas 2014.

Prevention and Fixes

The first thing to do is determine A) if you are vulnerable and B) if you are infected. You then need to update the slider plugin and perform a full security audit to get your site and all plugins safe and secure. As always, the best defence is a good offence: keeping plugins up to date, along with some base-level security, will stop your site being a target.
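
As an added example (not part of the original article and not a wArmour tool), the following read-only Python check covers steps A and B using only the indicators named in this article. It assumes every Revslider copy, whether a plugin or bundled in a theme, is a `revslider.php` file carrying the standard WordPress `Version:` header; the function names are illustrative.

```python
import re
import sys
from pathlib import Path

# Indicators exactly as named in the article above.
LOADER = "wp-includes/template-loader.php"
DROPPED_JS = "wp-includes/js/swobject.js"
DOMAIN = "soaksoak.ru"
LAST_VULNERABLE = (4, 1, 4)  # "Revslider 4.1.4 and older"
# Assumption: each copy (plugin or theme-bundled) is a revslider.php file
# carrying the standard WordPress "Version: x.y.z" plugin header.
VERSION_RE = re.compile(r"^[ \t*#/]*Version:\s*(\d+(?:\.\d+)*)", re.I | re.M)

def read(path):
    try:
        return path.read_text(errors="replace")
    except OSError:  # missing or unreadable file: treat as empty
        return ""

def parse_version(text):
    m = VERSION_RE.search(text)
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    while parts and parts[-1] == 0:  # so that 4.1.4.0 compares equal to 4.1.4
        parts.pop()
    return tuple(parts)

def audit(root):
    """Return {'vulnerable': [...], 'infected': [...]} for one WordPress root."""
    root = Path(root)
    vulnerable, infected = [], []
    for f in sorted(root.rglob("revslider.php")):
        ver = parse_version(read(f))
        # A copy with no readable version is reported so it gets checked by hand.
        if ver is None or ver <= LAST_VULNERABLE:
            vulnerable.append(f.relative_to(root).as_posix())
    if Path(DROPPED_JS).name in read(root / LOADER):
        infected.append(LOADER + " references " + Path(DROPPED_JS).name)
    if (root / DROPPED_JS).is_file():
        infected.append(DROPPED_JS + " exists")
    for f in sorted(root.rglob("*")):
        if f.suffix in (".php", ".js") and f.is_file() and DOMAIN in read(f).lower():
            infected.append(f.relative_to(root).as_posix() + " mentions " + DOMAIN)
    return {"vulnerable": vulnerable, "infected": infected}

if __name__ == "__main__":
    print(audit(sys.argv[1] if len(sys.argv) > 1 else "."))
```

An empty result only means these specific indicators are absent; it does not replace the full audit described above.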

Free Security Audit

Get in touch for a free security audit and to learn more about how to proactively protect your site from this problem and others like it.
