Wednesday, 17 December 2014

SoakSoak malware leaves 11,000 WordPress sites blacklisted by Google

More than 11,000 websites using WordPress blogging platform has been blacklisted by Google, after they were affected by the "SoakSoak" malware.
Security firm Sucuri, which initially reported the blacklist, said that the malware impact could be far wider through extending to hundreds of thousands of other sites.
SoakSoak modifies files in infected sites of WordPress and the loads a Javascript malware from the domain wherein the name was gotten.

Sucuri claimed that SoakSoak uses a RevSlider WordPress plugin and was first spotted in September. RevSlider is a premium plugin on WordPress themes and it is not what everyone can easily upgrade which is a disaster for the website owner said Sucuri's Daniel Cid.
He also added that even after cleaning the two files affected in the WordPress installation, they may be swiftly reinfected.

"This campaign also make use of a number of new backdoor payloads, with some being injected into images to further assist evasion and others are being used to inject new administrator users into WordPress installs, giving the even more control in the long term" he wrote.

Security researchers Graham Cluley suggested that Google's decision to blacklist more than 11,000 affected domains soon after the attack was publicised "a quick-thinking reaction which hopefully will make it more difficult for the attackers to monetise their cybercriminal campaign".

Affected site owners have been figuring out how to get their blogs cleaned up and back on Google. if you are one of them, this thread on the official WordPress forum may be useful.