rolffimages - Fotolia
The updated SoakSoak malware targets insecure WordPress websites, specifically a WordPress plug-in called RevSlider. The SoakSoak malware exploits a vulnerability in the RevSlider plug-in that allows an attacker to upload a malicious theme to the WordPress site then infect a WordPress install.
It is important to note that the RevSlider plug-in is not installed by default. However, a novice webmaster might not know to check all plug-ins for WordPress (or any software with plug-ins or optional modules) for updates. It is critical to keep all plug-ins or modules (along with core software) up to date to ensure WordPress security.
Mitigating the risk from the SoakSoak malware is different than most malware targeting personal computers. WordPress runs on a Web server and usually on a server-related operating system. Therefore, remediation steps for a server would be needed at the worst case, which could result in rebuilding the server and restoring data from backups. In a best case scenario, the WordPress install is the only aspect impacted, so WordPress is the only software that needs to be replaced with a secure version.
When the new SoakSoak malware emerged, it was reported that some people only replaced the files changed by the SoakSoak malware. Given that any of the WordPress files could have been changed, all such files should be restored from a secure backup or known-good install files. WordPress would then need to be secured to prevent the attack from happening again.
Ask the Expert:
SearchSecurity expert Nick Lewis is ready to answer your enterprise threat questions -- submit them now. (All questions are anonymous.)
Get info on how to secure CMS systems, including WordPress, Joomla and Drupal
Dig Deeper on Malware, virus, Trojan and spyware protection and removal
Related Q&A from Nick Lewis
Enterprises have many options for email security best practices, ranging from deploying email security protocols to educating end users on the ... Continue Reading
Cyberattacks often begin with a port scan attack, which attackers use to find exploitable vulnerabilities on targeted systems. Learn how they work ... Continue Reading
Monitoring process memory is one way to combat fileless malware attacks. Here's what you can do to protect your network against these campaigns. Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.