WordPress under attack 100,000+ WP Websites compromised by SoakSoak Malware

SoakSoak Malware Compromises 100,000+ WordPress Websites

News of a malware campaign against WordPress has been doing the rounds since owners and webmaster of wordpress blogs found out about websites getting blacklisted by Google. Around 11,000 domains had been blocked due to the latest malware campaign which has now swelled to 100,000. This campaign  has been brought by SoakSoak.ru, thus being dubbed the ‘SoakSoak Malware’ epidemic.

The malware

Once your website has been infected by the malware, you may experience irregular website behavior including unexpected redirects to SoakSoak.ru web pages. You may also end up downloading malicious files onto your computer systems automatically without any knowledge. The attack vector for the malware is not yet known, as is the reason of this campaign.  This campaign has resulted in a loss both revenue and reputation for the WordPress blog owners who are blacklisted by Google.

SoakSoak malware modifies the file located at wp-includes/template-loader.php which causes wp-includes/js/swobject.js to be loaded on every page view on the website and this “swobject.js” file includes a malicious java encoded script malware.

SoakSoak Malware Compromises 100,000+ WordPress Websites

Security Net

The security team which has been investigating the campaign –  Sucuri –  says that this campaign does not appear to be specifically targeted towards WordPress,  the victims seem to be blogs relying on its frame work.  So the fact that most of its victims are WordPress websites, may just be a coincidence.

If you run any website and are worried about the potential risk of the infection to your website, Sucuri has provided a free SiteCheck tool here scanner that will check your website for the malware. The exact method of intrusion has not been pointed out at this time, but numerous signals led to believe us all that many WordPress users could have fallen victim to this attack. However, if you have enabled a Firewall,  CloudProxy or CDN service, you are protected from the SoakSoak malware campaign.

4 COMMENTS

  1. That Sucuri tool is one of those “Your computer is infected with 1700 malware cookies! Please purchase our product to save yourself from mass extinction.”While not a bad tool, and it definitely can detect real malware, don’t forget it is a commercial product and it will display “threats” no matter what state your site really is in.

    • @lyle: sucuris tool is not that evil. Although I agree that many tools work as you describe, sucuri give a fair scan. Since I used sucuri services on one of my infected sites, rankings have been restored and some even increased.
      I find it a good service at a fair price.
      I guess it all depends on which level a site operates. For basic protection sucuri works fine.

  2. 99% of WordPress security is keeping your sites updated. That includes themes, plugins, and WordPress version. Most hackers are just looking for known vulnerabilities. If you stay updated you will prevent 99% of the attacks. Then for the other 1% you might want to use Wordfence or or ithemes security to give you a little more protection.

  3. I have been hacked several times and I got contacted by Sitelock. They wanted to charge me $80 per month to remove the malware from my site. This was such a rip off in my opinion. I mean I’m paying for hosting then now they want me to pay every month for my website to be secure. I did some searching online and I found a service called https://www.RemoveMalware.net . They removed the malware plus secured it so I wouldn’t get hacked again for only $99 one time fee. So if you get hacked due your research you don’t have to get locked into a monthly fee or anything. There are services out there that will fix this for you for a fair price.

LEAVE A REPLY

Please enter your comment!
Please enter your name here