News of a malware campaign against WordPress has been doing the rounds since owners and webmaster of wordpress blogs found out about websites getting blacklisted by Google. Around 11,000 domains had been blocked due to the latest malware campaign which has now swelled to 100,000. This campaign \u00a0has been brought by SoakSoak.ru, thus being dubbed the \u2018SoakSoak Malware\u2019 epidemic.<\/p>\n
<\/p>\n
Once your website has been infected by the malware,\u00a0you may experience irregular website behavior including unexpected redirects to SoakSoak.ru web pages. You may also end up downloading malicious files onto your computer systems automatically without any knowledge. The attack vector for the malware is not yet known, as is the reason of this campaign. \u00a0This campaign has resulted in a loss both revenue and reputation for the WordPress blog owners who are blacklisted by Google.<\/p>\n
SoakSoak malware modifies the file located at wp-includes\/template-loader.php<\/b><\/i> which causes wp-includes\/js\/swobject.js<\/i><\/b> to be loaded on every page view on the website and this \u201cswobject.js<\/i><\/b>\u201d file includes a malicious java encoded script malware.<\/p><\/blockquote>\n
Security Net<\/strong><\/h2>\n
The security team which has been investigating the campaign \u2013\u00a0 Sucuri<\/a> \u2013 \u00a0says that this campaign does not appear to be specifically targeted towards WordPress, \u00a0the victims seem to be blogs relying on its frame work. \u00a0So the fact that most of its victims are WordPress websites, may just be a coincidence.<\/p>\n