How has SoakSoak been changed, and is there any way to mitigate the new malware?
The updated SoakSoak malware targets insecure WordPress websites, specifically a WordPress plug-in called RevSlider. The SoakSoak malware exploits a vulnerability in the RevSlider plug-in that allows an attacker to upload a malicious theme to the WordPress site then infect a WordPress install.
It is important to note that the RevSlider plug-in is not installed by default. However, a novice webmaster might not know to check all plug-ins for WordPress (or any software with plug-ins or optional modules) for updates. It is critical to keep all plug-ins or modules (along with core software) up to date to ensure WordPress security.
Mitigating the risk from the SoakSoak malware is different than most malware targeting personal computers. WordPress runs on a Web server and usually on a server-related operating system. Therefore, remediation steps for a server would be needed at the worst case, which could result in rebuilding the server and restoring data from backups. In a best case scenario, the WordPress install is the only aspect impacted, so WordPress is the only software that needs to be replaced with a secure version.
When the new SoakSoak malware emerged, it was reported that some people only replaced the files changed by the SoakSoak malware. Given that any of the WordPress files could have been changed, all such files should be restored from a secure backup or known-good install files. WordPress would then need to be secured to prevent the attack from happening again.
Ask the Expert:
SearchSecurity expert Nick Lewis is ready to answer your enterprise threat questions -- submit them now. (All questions are anonymous.)
Get info on how to secure CMS systems, including WordPress, Joomla and Drupal
Dig Deeper on Malware, virus, Trojan and spyware protection and removal
Related Q&A from Nick Lewis
A new remote access Trojan called UBoatRAT was found spreading via Google services and GitHub. Learn how spotting command-and-control systems can ... Continue Reading
CyberArk researchers created an attack called Golden SAML that uses Mimikatz techniques and applied it to a federated environment. Learn more about ... Continue Reading
The use of botnets to spread Scarab ransomware intensifies the threat for enterprises. Discover the best way to respond to such a threat and protect ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.