SoakSoak Description

Type: Trojan

The SoakSoak infection has compromised more than 100,000 WordPress websites. SoakSoak first attracted attention after Google blacklisted more than 11,000 different domains that have been associated with a threat campaign linked to These attacks have impacted hundreds of thousands of websites using the WordPress platform. There is a relationship between SoakSoak and a vulnerability in the popular WordPress plug-in Revslider. This vulnerability was first uncovered a few months ago, making this increase in SoakSoak attacks a probable result of this exploit.

How SoakSoak Attacks a Comnputer

The way in which SoakSoak attacks is by affecting a specific file in WordPress. This file is wp-includes/template-loader.php. To carry out its attacks, SoakSoak injects threatening code into the file. This allows a threatening script to be loaded into every Web page on the affected domain. This script loads a threatening Javascript file from the domain, which may then be used to carry out various unwanted tasks on the infected computer. Using a security program and a strong Firewall can help prevent SoakSoak attacks and unauthorized scripts like these from loading.

The People Responsible for SoakSoak Attacks Have Updated Their Tactics

After Google had taken the step of blacklisting thousands of Web pages that had been affected by SoakSoak, the people behind SoakSoak reacted by using a different tactic in their attacks. The new wave of SoakSoak attacks now targets a different file as well, wp-includes/js/json2.min.js. The attack is similar; third parties modify this file so that it may load a threatening Flash file that carries out the SoakSoak attack. SoakSoak now includes an additional script from another threatening domain. Website administrators using the WordPress platform should take extra steps to ensure that their Web pages are protected from these types of threatening intrusions, paying special attention to plug-ins and ensuring that all software is always updated.

SoakSoak Attacks have been Associated with a Specific WordPress Plugin

To carry out attacks, third parties have targeted old versions of RevSlider. This is a popular WordPress plug-in that may be packaged and bundled into a WordPress theme. Versions prior to RevSlider 4.2 are being exploited by SoakSoak attacks. Discussions of the RevSlider vulnerability on underground sources had occurred several months ago. One issue with RevSlider is that this is a premium plugin that cannot be easily upgraded by all computer users. In many cases, RevSlider is packaged or bundled in a WordPress theme without the website owner's knowledge. These two characteristics have increased the distribution and potential risk of SoakSoak attacks. RevSlider's developers have silently patched this plug-in, although many websites have not been updated to include this new patch, making them still vulnerable to these attacks.

What are SoakSoak Attacks' Goal

The main purpose of SoakSoak is to generate revenue at the expense of computer users. By distributing this threatening script, third parties may deliver threats to computers automatically. Third parties may profit from doing this utilizing various tactics. An adware infection could be installed to profit from advertising, or banking Trojans could be installed in order to gather victims' banking information. In many cases, the affected computer could be used as part of a botnet to carry out attacks or distribute additional threats or spam email messages. Computer users should keep all of their software fully up-to-date, especially Flash and Java, which are both involved in different variants of the SoakSoak attack. It is also highly recommended to use real-time protection while browsing the Web in order to prevent these types of threatening scripts from running on websites visited by computer users.

Site Disclaimer is not associated, affiliated, sponsored or owned by the malware creators or distributors mentioned on this article. This article should NOT be mistaken or confused in being associated in any way with the promotion or endorsement of malware. Our intent is to provide information that will educate computer users on how to detect, and ultimately remove, malware from their computer with the help of SpyHunter and/or manual removal instructions provided on this article.

This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your computer. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.