WordPress being the most popular CMS has always been a target for the hackers and cyber criminals and the latest malware attack has compromised around 100,000 WordPress sites. The Russian malware SoakSoak was first noticed on Sunday morning when it started turning the WordPress blogs and websites into attack platform via ‘Slider Revolution’, a slideshow plugin by Revslider.
Tony Parez, CEO at security firm Sucuri said in an official blog post,
“Our analysis is showing impacts in the order of 100’s of thousands of WordPress specific websites. We cannot confirm the exact vector, but preliminary analysis is showing correlation with the Revslider vulnerability we reported a few months back.”
Up to now Google has caught only 11000 infected domains and has blacklisted them. The infected domains will land with a warning message saying, “The Site Ahead Contains Malware’ and may also experience the redirects to SoakSoak.ru.
According to the report submitted by security firm Sucuri, personal WordPress blogs are safe, as the SoakSoak malware attacks only self-hosted WordPress websites. However, you are still under risk if you blog on WordPress and visit the SoakSoak infected websites.
As per the report submitted by Sucuri, SoakSoak malware modifies the Template-loader of the websites located at /wp-includes/template-loader.php and adds the malicious content.
All clients behind the Sucuri Website Firewall are currently protected from this malware campaign. Sucuri also advises the webmasters to keep their plugins updated and scan their websites regularly to secure your WordPress sites.
This site is a happy user of the Sucuri Firewall.
