SoakSoak Description
Type: Trojan
The SoakSoak infection has compromised more than 100,000 WordPress websites. SoakSoak first attracted attention after Google blacklisted more than 11,000 domains associated with a threat campaign linked to SoakSoak.ru. These attacks have impacted hundreds of thousands of websites running the WordPress platform. The SoakSoak campaign is tied to a vulnerability in the popular WordPress plug-in RevSlider (Slider Revolution). That vulnerability was first uncovered a few months before the campaign, and the surge in SoakSoak infections is the probable result of it being exploited at scale.
How SoakSoak Attacks a Computer
The People Responsible for SoakSoak Attacks Have Updated Their Tactics
After Google blacklisted thousands of Web pages affected by SoakSoak, the people behind SoakSoak changed tactics. The new wave of attacks also targets a different file, wp-includes/js/json2.min.js, a JavaScript library that ships with WordPress core rather than with any plug-in. The attack is similar: the attackers modify this file so that it loads a malicious Flash file that carries out the SoakSoak attack, and the injected code now pulls an additional script from another malicious domain. Because the modified file is part of WordPress core, an audit of installed plug-ins alone will not find it; comparing core files against a clean copy of the same WordPress release will. Website administrators using the WordPress platform should take extra steps to ensure that their Web pages are protected from these types of intrusions, paying special attention to plug-ins and ensuring that all software is always kept up to date.
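As an added example (not code from the original page), the kind of check that finds this tampering: a Python script that compares core JavaScript files against known-good digests and greps every file under wp-includes/js for remote loaders, Flash references and obfuscation primitives. The WordPress root, the manifest of pristine SHA-256 digests and the sample domain are assumptions for illustration. The digest comparison is the authoritative check; the content patterns are a triage aid that can flag legitimate code, so comment blocks are stripped before matching and eval() is deliberately not matched, because json2 itself uses it.

```python
"""Scan a WordPress tree for tampered core JavaScript files.

Added example, not code from the original page. It assumes a local
WordPress root and a hypothetical manifest mapping paths relative to
that root to the SHA-256 digest of a pristine copy of the same release.
"""
import hashlib
import os
import re

# Patterns that have no business in a minified core library such as
# json2.min.js: loaders that pull code or Flash from another host, or the
# obfuscation primitives injected scripts typically use. eval() is left
# out on purpose: json2's JSON.parse legitimately uses it.
SUSPICIOUS = [
    (re.compile(r"https?://[a-z0-9.-]+\.[a-z]{2,}", re.I), "reference to a remote host"),
    (re.compile(r"\.swf\b", re.I), "reference to a Flash (.swf) object"),
    (re.compile(r"\bdocument\.write\s*\(", re.I), "document.write() injection"),
    (re.compile(r"\b(unescape|String\.fromCharCode)\s*\(", re.I), "obfuscation primitive"),
]
BLOCK_COMMENT = re.compile(r"/\*.*?\*/", re.S)


def sha256_of(path):
    """SHA-256 hex digest of a file, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def suspicious_reasons(text):
    """Return the reasons a file body looks injected (empty list if clean).

    Block comments are removed first so a licence header URL does not
    trip the remote-host pattern.
    """
    body = BLOCK_COMMENT.sub("", text)
    return [why for pat, why in SUSPICIOUS if pat.search(body)]


def scan_wordpress(root, manifest):
    """Compare manifest files against known-good digests and grep the rest.

    manifest: {relative_path: sha256_hex} for pristine files, e.g.
    'wp-includes/js/json2.min.js'. Returns {relative_path: [reasons]} for
    every file that fails at least one check.
    """
    findings = {}
    # 1. Integrity: a manifest file whose digest changed (or that is gone)
    #    is reported regardless of what its new content looks like.
    for rel, good in manifest.items():
        path = os.path.join(root, rel)
        if not os.path.isfile(path):
            findings[rel] = ["file missing"]
        elif sha256_of(path) != good:
            findings[rel] = ["digest differs from known-good copy"]
    # 2. Content: every .js under wp-includes/js, in the manifest or not,
    #    is checked for loader/obfuscation patterns so a file the manifest
    #    does not cover is still caught.
    js_dir = os.path.join(root, "wp-includes", "js")
    for dirpath, _, files in os.walk(js_dir):
        for name in files:
            if not name.endswith(".js"):
                continue
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            with open(path, "r", encoding="utf-8", errors="replace") as f:
                reasons = suspicious_reasons(f.read())
            if reasons:
                findings.setdefault(rel, []).extend(reasons)
    return findings


if __name__ == "__main__":
    import json
    import sys
    wp_root = sys.argv[1] if len(sys.argv) > 1 else "."
    manifest = json.load(open(sys.argv[2])) if len(sys.argv) > 2 else {}
    for rel, reasons in sorted(scan_wordpress(wp_root, manifest).items()):
        print(f"{rel}: {', '.join(reasons)}")
```

Run it as `python scan.py /var/www/html manifest.json`, where the manifest was produced by hashing an untouched download of the same WordPress version; a hit on the digest check means the file should be replaced from that clean copy, not merely cleaned by hand.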
SoakSoak Attacks have been Associated with a Specific WordPress Plugin
To carry out attacks, third parties have targeted old versions of RevSlider, a popular premium WordPress plug-in that is frequently packaged and bundled into WordPress themes. Versions prior to RevSlider 4.2 are being exploited by SoakSoak attacks. The RevSlider vulnerability had been discussed on underground sources several months earlier. One issue with RevSlider is that, as a premium plug-in, it is not distributed through the WordPress.org plug-in directory and so does not receive updates through the standard WordPress update mechanism; not every site owner can easily upgrade it. In many cases, RevSlider is bundled in a WordPress theme without the website owner's knowledge, and a bundled copy is only refreshed when the theme author ships a new theme release. These two characteristics have increased the distribution and potential risk of SoakSoak attacks. RevSlider's developers patched the vulnerability silently, without a public advisory, so many websites have never applied the update and remain vulnerable.
What Is the Goal of SoakSoak Attacks
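The practical check a site owner needs here is an inventory of every RevSlider copy, including ones that arrived inside a theme. The Python script below is an added example, not code from the page or from the plug-in vendor: it walks wp-content, reads the `Version:` header from every revslider.php it finds on disk or inside a .zip archive (the form in which themes usually bundle plug-ins), and reports each copy older than 4.2, the boundary the page gives. The directory layout and file names are the standard WordPress ones; treating an unreadable version as vulnerable is a deliberate choice, not something the page states.

```python
"""Inventory every RevSlider copy under wp-content, bundled ones included.

Added example; not code from the page or from the plug-in vendor. Assumes
the standard WordPress layout and the plugin-header convention of a
'Version:' line in the main file's leading comment block.
"""
import os
import re
import zipfile

# The page states that RevSlider versions before 4.2 are being exploited,
# so 4.2 is the boundary this check uses.
PATCHED = (4, 2)

# WordPress plugin header: 'Version: x.y.z', optionally prefixed by ' * '.
VERSION_RE = re.compile(r"^\s*\*?\s*Version:\s*([0-9][0-9.]*)", re.M)


def parse_version(header_text):
    """Return the plugin version as a tuple of ints, or None if absent."""
    m = VERSION_RE.search(header_text)
    if not m:
        return None
    return tuple(int(p) for p in m.group(1).strip(".").split("."))


def iter_revslider_sources(wp_content):
    """Yield (label, header_text) for each RevSlider main file found.

    Covers extracted copies (revslider.php on disk, whether under plugins/
    or somewhere inside a theme) and copies still zipped inside a theme,
    which is how bundled plug-ins are shipped and re-installed.
    """
    for dirpath, _, files in os.walk(wp_content):
        for name in files:
            path = os.path.join(dirpath, name)
            if name == "revslider.php":
                with open(path, encoding="utf-8", errors="replace") as f:
                    yield path, f.read(8192)
            elif name.lower().endswith(".zip"):
                try:
                    with zipfile.ZipFile(path) as z:
                        for member in z.namelist():
                            if member.endswith("revslider.php"):
                                text = z.read(member)[:8192].decode("utf-8", "replace")
                                yield f"{path}!{member}", text
                except zipfile.BadZipFile:
                    continue


def vulnerable_copies(wp_content):
    """Return [(label, version_string, location)] for every copy older than
    4.2 or whose version cannot be read; an unreadable version is reported
    rather than silently trusted."""
    report = []
    for label, text in iter_revslider_sources(wp_content):
        version = parse_version(text)
        if version is not None and version >= PATCHED:
            continue
        rel = os.path.relpath(label.split("!", 1)[0], wp_content)
        top = rel.split(os.sep)[0]
        location = "plugins directory" if top == "plugins" else "theme-bundled"
        shown = ".".join(map(str, version)) if version else "unknown"
        report.append((label, shown, location))
    return report


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "wp-content"
    for label, version, location in vulnerable_copies(target):
        print(f"{label}: RevSlider {version} ({location})")
```

A theme-bundled hit matters even when the live plugins/revslider copy is current: reinstalling the theme's bundled plug-in would put the old version back, so the theme itself needs updating or the bundled archive removed.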
The main purpose of SoakSoak is to generate revenue at the expense of computer users. By serving this malicious script from compromised websites, third parties can deliver threats to visitors' computers automatically, with no action on the visitor's part beyond loading the page. Third parties may profit from this in various ways: adware could be installed to profit from advertising, or banking Trojans could be installed to gather victims' banking information. In many cases, the affected computer could be used as part of a botnet to carry out attacks or distribute additional threats or spam e-mail messages. Computer users should keep all of their software fully up to date, especially Flash and Java, both of which are involved in different variants of the SoakSoak attack. It is also highly recommended to use real-time protection while browsing the Web in order to prevent these types of malicious scripts from running on visited websites.