How has SoakSoak been changed, and is there any way to mitigate the new malware?
The updated SoakSoak malware targets insecure WordPress websites, specifically sites running a WordPress plug-in called RevSlider. It exploits a vulnerability in the RevSlider plug-in that allows an attacker to upload a malicious theme to the site and then infect the WordPress install.
It is important to note that RevSlider is not part of a default WordPress install: it is a third-party plug-in, and it is often bundled inside commercial themes, in which case it does not appear as a separately updatable plug-in and the site owner may not even know it is present. A novice webmaster might not know to check every plug-in (in WordPress, or in any software with plug-ins or optional modules) for updates. Keeping all plug-ins and modules, along with the core software, up to date is critical to WordPress security.
Mitigating the risk from SoakSoak differs from dealing with most malware that targets personal computers. WordPress runs on a web server, usually on a server operating system, so in the worst case the remediation is a server-level one: rebuild the server and restore the data from backups. In the best case only the WordPress install is affected, and WordPress is the only software that has to be replaced with a clean, current version.
When the new SoakSoak variant emerged, it was reported that some site owners replaced only the files SoakSoak was known to have changed. Because any file in the WordPress install could have been altered, every file should be restored from a secure backup or from known-good install files. The site then has to be secured, starting with updating or removing the vulnerable RevSlider plug-in, so that the attack cannot simply be repeated.
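The point above, that cleanup must cover every file rather than the handful the malware is known to touch, is easiest to act on by comparing the live install against a pristine copy of the same WordPress version. The script below is an added example and is not code from the original article or from WordPress; it hashes both trees and reports modified, added and missing files. The sample "pristine" and "infected" trees it builds in a temporary directory are constructed placeholders that only borrow real WordPress path names; the injected contents and the dropped `shell.php` are invented for the demonstration and are not a description of SoakSoak's actual payload. For core files, WP-CLI's `wp core verify-checksums` does the same comparison against the official checksums.

```python
"""Compare a WordPress install against a known-good copy of the same version.

Added example, not from the original article: it reports every file that was
modified, added or removed relative to pristine install files, so that cleanup
is not limited to the files the malware is already known to touch. The sample
trees below are constructed for the demonstration.
"""
import hashlib
import os
import tempfile
from pathlib import Path


def sha256_tree(root: Path) -> dict[str, str]:
    """Map each file's path (relative to root, POSIX form) to its SHA-256 digest."""
    digests = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = Path(dirpath) / name
            rel = path.relative_to(root).as_posix()
            digests[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    return digests


def compare_install(known_good: Path, site: Path) -> dict[str, list[str]]:
    """Classify every file in the site tree against the known-good tree.

    'modified' files differ in content, 'added' files exist only on the site
    (dropped web shells, rogue plug-ins), 'missing' files exist only in the
    known-good copy. Site-specific files that legitimately differ, such as
    wp-config.php or wp-content/uploads, will also be listed; they must be
    reviewed by hand rather than silently skipped.
    """
    good = sha256_tree(known_good)
    live = sha256_tree(site)
    return {
        "modified": sorted(p for p in good if p in live and good[p] != live[p]),
        "added": sorted(p for p in live if p not in good),
        "missing": sorted(p for p in good if p not in live),
    }


def write_tree(root: Path, files: dict[str, str]) -> None:
    """Create files (relative path -> content) under root; builds the sample trees."""
    for rel, content in files.items():
        path = root / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(content)


# Constructed sample input: a minimal "pristine" install and an infected copy.
# Path names follow the real WordPress layout; the contents are placeholders.
PRISTINE = {
    "readme.html": "<html>WordPress readme</html>\n",
    "wp-includes/template-loader.php": "<?php // loads the active theme's template\n",
    "wp-includes/js/swfobject.js": "/* swfobject */\n",
    "wp-content/plugins/revslider/revslider.php": "<?php // RevSlider plug-in\n",
}
INFECTED = dict(PRISTINE)
# Hypothetical modifications: a loader line prepended to a core file, a script
# file rewritten, a backdoor dropped under the plug-in, and a file deleted.
INFECTED["wp-includes/template-loader.php"] = (
    "<?php // injected line (constructed placeholder)\n"
    + PRISTINE["wp-includes/template-loader.php"]
)
INFECTED["wp-includes/js/swfobject.js"] = "/* swfobject */ /* injected (constructed) */\n"
INFECTED["wp-content/plugins/revslider/temp/shell.php"] = "<?php // dropped backdoor (constructed)\n"
INFECTED.pop("readme.html")


def demo() -> dict[str, list[str]]:
    """Build both sample trees in a temporary directory and return the comparison."""
    with tempfile.TemporaryDirectory() as tmp:
        good, site = Path(tmp) / "pristine", Path(tmp) / "site"
        write_tree(good, PRISTINE)
        write_tree(site, INFECTED)
        return compare_install(good, site)


if __name__ == "__main__":
    for category, paths in demo().items():
        print(f"{category}:")
        for rel in paths:
            print(f"  {rel}")
```

Against a real site, point `compare_install` at an unpacked download of the exact WordPress version the site runs and at the web root. Anything in the "added" list under wp-includes or wp-admin, or any "modified" core file, is a reason to restore the whole install rather than patch individual files.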
Ask the Expert:
SearchSecurity expert Nick Lewis is ready to answer your enterprise threat questions -- submit them now. (All questions are anonymous.)