Russian malware SoakSoak has soaked through 100,000 WP Sites already

The Russians are at it again. Online security firm Sucuri has said it has detected a malware called SoakSoak which has infected over 100,000 WordPress (WP) sites since last Sunday.

According to Sucuri, the malware uses a vulnerability in a slideshow plug-in called Slider Revolution. The Slider Revolution team, it claimed, had known about the vulnerability since September, but they failed to fix it.

A post on the official Sucuri blog said: Yesterday we disclosed a large malware campaign targeting and compromising over 100,000 WordPress sites, and growing by the hour. It was named SoakSoak due to the first domain used in the malware redirection path (soaksoak.ru).

After a bit more time investigating this issue, we were able to confirm that the attack vector is the RevSlider plugin. We disclosed a serious vulnerability with this plugin a few months ago, it seems that many webmasters have either not heard of or did not take seriously the vulnerability.

The biggest problem, it seems, is that the RevSlider plugin is a premium plugin, which means it’s not something everyone can easily upgrade. The security firm posted that some website owners did not even know they had contracted the malware, as it had been packaged and bundled into their themes. Sucuri said it was remediating thousands of sites.

Sucuri also has a warning about a common piece of advice: We are hearing a lot of recommendations online to just replace the swfobject.js and template-loader.php files to remove the infection.

It does remove the infection, but does not address the leftover backdoors and initial entry points. The website will be reinfected quickly. If you are affected by this, expect to find yourself riddled with backdoors and infections; you have to not only clean, but also stop all malicious attacks. You can stop malicious attacks through the use of a Website Firewall, ours or someone else's; just use a Firewall, a real one preferably.
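The point Sucuri makes above is that the two files everyone is told to replace are only the visible part of the compromise. A defender who wants to find everything that changed needs a baseline of the clean install and a scan that reports every modified, added or missing file, not just the two known names. The following is an added example of that kind of integrity scan; it is not Sucuri's code and not part of the article. The only indicators it takes from the page are the two file names and the soaksoak.ru redirect domain; the directory layout, the baseline format and the file contents in the demo are constructed for illustration, and the "extra.php" file stands in for any unknown dropped file.

```python
import hashlib
import tempfile
from pathlib import Path

# Indicator named in the article: the first domain in the malware redirect path.
REDIRECT_DOMAIN = b"soaksoak.ru"


def sha256_of(path):
    """Stream a file through SHA-256 so large uploads do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root):
    """Hash every file under root. Run this on a known-clean install (or a fresh
    WordPress download) and keep the result somewhere the web server cannot write."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_of(p)
            for p in root.rglob("*") if p.is_file()}


def scan(root, baseline):
    """Compare the live tree against the baseline and return everything that differs.
    'modified' and 'added' are the files a clean-up must look at; a file that only
    matches a known name is not enough, since backdoors can live anywhere."""
    root = Path(root)
    findings = {"modified": [], "added": [], "contains_redirect": []}
    seen = set()
    for p in root.rglob("*"):
        if not p.is_file():
            continue
        rel = p.relative_to(root).as_posix()
        seen.add(rel)
        if rel not in baseline:
            findings["added"].append(rel)
        elif baseline[rel] != sha256_of(p):
            findings["modified"].append(rel)
        # Cheap content check for the one redirect indicator the article names.
        if REDIRECT_DOMAIN in p.read_bytes():
            findings["contains_redirect"].append(rel)
    findings["missing"] = list(set(baseline) - seen)
    for key in findings:
        findings[key].sort()
    return findings


def demo():
    """Constructed scenario: baseline a tiny clean tree, then simulate the two files the
    article names being altered plus one extra file appearing that no advice mentions."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "wp-includes" / "js").mkdir(parents=True)
        (root / "wp-includes" / "js" / "swfobject.js").write_text("/* constructed clean swfobject */\n")
        (root / "wp-includes" / "template-loader.php").write_text("<?php // constructed clean loader\n")
        (root / "wp-config.php").write_text("<?php // constructed config\n")
        baseline = build_baseline(root)

        # Simulated tampering (placeholder text, not real malware).
        (root / "wp-includes" / "js" / "swfobject.js").write_text(
            "/* constructed clean swfobject */ /* CONSTRUCTED MARKER soaksoak.ru */\n")
        (root / "wp-includes" / "template-loader.php").write_text(
            "<?php // constructed clean loader\n// CONSTRUCTED MARKER extra line\n")
        (root / "wp-includes" / "extra.php").write_text("<?php // constructed stand-in for a dropped file\n")
        return scan(root, baseline)


if __name__ == "__main__":
    for category, files in demo().items():
        print(f"{category}: {files}")
```

Replacing only the files reported under "contains_redirect" would clear the visible redirect and leave "extra.php" in place, which is exactly the reinfection path the quote above describes; the "modified" and "added" lists are the ones a clean-up has to work through, and the entry point (here the plugin) still has to be patched or removed separately.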
