Russian Malware Attacks WordPress Sites

In a frightening turn of events for WordPress users and the blogging and app developer community in general, a Russian virus called SoakSoak may have infected as many as 100,000 WordPress sites. The SoakSoak.ru domain is its source, which is how the malware gets its name. It was first spotted by security firm Sucuri, and the gaming site Dulfy was one of the first affected.

Dulfy managed to remove the code and moved behind a firewall, which took care of the matter in a timely manner. But many other admins who are not so vigilant may not have it so easy. Even sites that removed the malware code were re-infected. Dulfy admins also aren’t sure if the firewall is a permanent fix, since it’s not yet known exactly what is causing the infection or what its purpose is.

What does SoakSoak do?

SoakSoak modifies a file in the WordPress installation of the affected site and loads JavaScript malware onto it. According to Sucuri, the virus is using a vulnerability in a slideshow plug-in for WordPress called Slider Revolution. The developers have fixed this with some updates, but the old version of RevPlug has been packaged into many themes that are still in use.

Since the infection began spreading, Google has done its bit by blacklisting 11,000 sites to check the spread. But the big problem, according to Sucuri, is that many site owners don’t even know that they have the plug-in bundled in their website.

What can you do?

At the moment, if you think you’ve been infected, you will need to remove the infected code and also update the premium version of the plug-in. If the plug-in is on your site as part of a theme, it won’t update automatically, so site admins have to update it by hand.
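
Since many owners don't know the plug-in is bundled with their theme, a quick inventory of the installation is a useful first step. The script below is an added example, not code from Sucuri or the plug-in's developers: it lists every bundled copy with the version its header reports, and every script or markup file that mentions the SoakSoak domain. It assumes bundled copies sit in a directory whose name contains "revslider" and carry a standard WordPress "Version:" header.

```python
import os
import re
import sys

# Assumptions (not from the article): a bundled copy lives in a directory whose
# name contains "revslider", with a standard WordPress "Version:" PHP header.
DIR_HINT = "revslider"
DOMAIN = b"soaksoak.ru"  # domain named in the article
VERSION_RE = re.compile(rb"^[ \t/*#@]*Version:\s*([0-9][\w.\-]*)", re.I | re.M)
TEXT_EXT = (".php", ".js", ".html", ".htm")


def read_bytes(path, limit=-1):
    """Read up to `limit` bytes; unreadable files count as empty."""
    try:
        with open(path, "rb") as fh:
            return fh.read(limit)
    except OSError:
        return b""


def find_bundled_copies(wp_root):
    """Return sorted (directory, version-or-None) for each copy under wp_root."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(wp_root):
        if DIR_HINT not in os.path.basename(dirpath).lower():
            continue
        dirnames[:] = []  # one report per copy; skip its subdirectories
        version = None
        for name in sorted(f for f in filenames if f.lower().endswith(".php")):
            match = VERSION_RE.search(read_bytes(os.path.join(dirpath, name), 8192))
            if match:
                version = match.group(1).decode("ascii", "replace")
                break
        hits.append((dirpath, version))
    return sorted(hits, key=lambda h: h[0])


def find_domain_references(wp_root):
    """Return sorted paths of script/markup files that mention the domain."""
    return sorted(
        os.path.join(dirpath, name)
        for dirpath, _dirs, filenames in os.walk(wp_root)
        for name in filenames
        if name.lower().endswith(TEXT_EXT)
        and DOMAIN in read_bytes(os.path.join(dirpath, name)).lower()
    )


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, version in find_bundled_copies(root):
        print(f"bundled copy: {path} (version header: {version or 'not found'})")
    for path in find_domain_references(root):
        print(f"references {DOMAIN.decode()}: {path}")
```

Run it with the WordPress root directory as the only argument, then compare each reported version against the plug-in developer's current release.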

Why did this happen?

As Sucuri explained on their website right after SoakSoak made its appearance, they had spotted the vulnerability in the RevSlider plugin months earlier, in September, but it was “patched silently” by developers. Developers failed to openly warn users of the problem, thus the fiasco.

The biggest lesson to be learned from SoakSoak’s invasion is for the developers: it’s important to let users know about bugs or possible vulnerabilities in plug-ins or apps, before things get out of hand.

If you would like to find out more or get any help, contact Adeo Group today.
