Archive for December, 2014

SoakSoak bug, round two, still widespread infections

December 19, 2014

I've been really busy so it's been a while since my last post, but this is really important so thought I should update everyone.

This recent SoakSoak bug infected a lot of WordPress sites through a vulnerability in the Revolution Slider plugin. Apparently the developers know about this security hole back in September but did nothing about it until the exploit was widespread. There is now a new version of Revolution Slider that has been patched but there are also many themes that use this slider that cannot be automatically upgraded. The newest version of my Anti-Malware plugin will automatically block the attempts to exploit this vulnerability on your site, even if you have a vulnerable version of Revolution Slider installed.

The bigger problem is that once you have been hit by this bug then there may be other backdoors planted on your site and your DB password may also have been stolen. Your site can also then be used to spread this infection to other sites. I have seen a new round of this threat that no longer uses the popular IP address in the script source. Now its using a variety of infected domains spread the infection.

This threat is changing all the time so please make sure to download the Definition Updates whenever I release a new one. You can follow my Twitter feed @GOTMLS to get notified of new updates.


Tags: , , ,
Posted in Updates 2 Comments »