Malware which targets more than 100,000 websites running the WordPress CMS has been detected.
Detected on Sunday morning when Google blacklisted over 11,000 which were redirecting to the domain SoakSoak.ru, therefore dubbed “SoakSoak” malware. Researchers at Sucuri said that the infections are not targeted only at WordPress websites, but it appears that the impact seems to be affecting most hosts across the WordPress hosting spectrum, reported The Hacker News.
As well as experiencing unexpected redirects to SoakSoak.ru web pages, users may also end up downloading malicious files.
To achieve its aims, the SoakSoak malware modifies a file in the template loader which causes wp-includes/js/swobject.js to be loaded on every page view on the website and this file includes a malicious java encoded script malware.
Imperva CTO Amichai Shulman, said: “The cause is a vulnerability related to the WordPress platform (which is not part of the malware). The first concern of each organisation that uses third party platforms such as WordPress is to make sure all known vulnerabilities of such a platform are virtually patched and that known and unknown application layer attacks (such as the one through which SoakSoak was introduced into those sites) are being mitigated at one time.”
Sucuri has provided a Free SiteCheck scanner that will check your website for the malware. The exact method of intrusion has not been pointed out at this time, but numerous signals led to believe us all that many WordPress users could have fallen victim to this attack.