By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
How has SoakSoak been changed, and is there any way to mitigate the new malware?
The updated SoakSoak malware targets insecure WordPress websites, specifically a WordPress plug-in called RevSlider. The SoakSoak malware exploits a vulnerability in the RevSlider plug-in that allows an attacker to upload a malicious theme to the WordPress site then infect a WordPress install.
It is important to note that the RevSlider plug-in is not installed by default. However, a novice webmaster might not know to check all plug-ins for WordPress (or any software with plug-ins or optional modules) for updates. It is critical to keep all plug-ins or modules (along with core software) up to date to ensure WordPress security.
Mitigating the risk from the SoakSoak malware is different than most malware targeting personal computers. WordPress runs on a Web server and usually on a server-related operating system. Therefore, remediation steps for a server would be needed at the worst case, which could result in rebuilding the server and restoring data from backups. In a best case scenario, the WordPress install is the only aspect impacted, so WordPress is the only software that needs to be replaced with a secure version.
When the new SoakSoak malware emerged, it was reported that some people only replaced the files changed by the SoakSoak malware. Given that any of the WordPress files could have been changed, all such files should be restored from a secure backup or known-good install files. WordPress would then need to be secured to prevent the attack from happening again.
Ask the Expert:
SearchSecurity expert Nick Lewis is ready to answer your enterprise threat questions -- submit them now. (All questions are anonymous.)
Get info on how to secure CMS systems, including WordPress, Joomla and Drupal
Dig Deeper on Malware, virus, Trojan and spyware protection and removal
Related Q&A from Nick Lewis
Bitdefender discovered that the NotPetya malware changes its behavior when Kaspersky security products are detected. Nick Lewis explains how the ...continue reading
The Katyusha Scanner is based on the open source penetration test scanner Arachni. However, it has been modified to work through Telegram accounts. ...continue reading
A Libgcrypt vulnerability could allow attackers to recover private RSA-1024 keys, as it allows a left-to-right sliding window that shows how specific...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.