
WordPress blogs are easy to install, simple to administer and hugely popular. Although there are no public statistics, 23.2% of the top 10 million websites were running WordPress software as of August 2013. The platform is the most popular option for sole bloggers, organizations, educational facilities and media outlets, which is why we’ve produced a guide to setting up WordPress websites.

So when a malware infection as devastating as the newly discovered SoakSoak.ru comes along, it is vital that WordPress blog owners act. Fast. After all, you wouldn’t want your visitors’ computers to become infected with malware, would you? That would be commercial suicide!

Besides, Google has already blacklisted 11,000 infected domains, with 100,000 believed to be infected.

SoakSoak Malware Infects Blog Visitors

This past weekend support forums for webmasters were buzzing with news of the infection that was traced back to SoakSoak.ru, malware that was seemingly introduced via a premium plugin.


Now, plugins are ten-a-penny on WordPress, installed by site administrators to add all manner of new features from managing stats and adverts to adding spoiler tags and embedding podcasts (our list of the best plugins should give you more of an idea). Free plugins are often updated, and although a plugin developer has a reputation to uphold should their work be compromised, they are not really under any serious obligation to make it malware-proof.

Premium plugins, meanwhile, are essentially a business. Slider Revolution costs $18 and was until very recently a well-regarded plugin for displaying images across the main page of a blog. At the time of writing there is no confirmation that the plugin is solely to blame for the SoakSoak malware finding a way into the infected sites, but it does seem to be the common factor and is therefore likely to be the main culprit.


However, it isn’t only WordPress sites that are infected, which suggests multiple attack vectors targeting weaknesses in various web hosting platforms and plugins.

How Website Malware Affects You As A Visitor

Were you to visit one of the infected websites, without employing a browser plugin that limits your visits to compromised websites, you may have found yourself browsing an otherwise normal blog or homepage.

Meanwhile, in the background, malware is being downloaded to your computer as part of the page you’re viewing in your browser. This is known as a drive-by download attack. You don’t need to actually click and download a file to be infected by the malware – it happens automatically.


In this case, infected websites will randomly send visitors to the SoakSoak.ru domain, and/or download malware to their computers without their knowledge.

Put simply: this is some dangerous malware.

Find Out If Your Site Is Infected And Deal With This Threat

Whether your site is based on WordPress or not, it is worth taking the time to quickly check whether the malware has infected it. After all: if your site is infected, at least some of your readers are. These readers might be unlikely to return once they find out what happened.

Be aware: removing malware from a website is quite different to removing it from your PC.

The first thing you need to do is head to http://sitecheck.sucuri.net/, a website checker produced by security blog Sucuri. Once your site has been quickly scanned (the checker looks for any signs of the SoakSoak malware attempting to load into your browser – it also checks for other website-dwelling malware) you can use their service to clean your site, although of course this comes at a price.

What we do know about this particular malware is that it modifies the wp-includes/template-loader.php file, adding these lines:

    <?php
    function FuncQueueObject()
    {
        wp_enqueue_script("swfobject");
    }
    add_action("wp_enqueue_scripts", 'FuncQueueObject');
    ?>

The JavaScript file swfobject.js that is invoked includes an encoded malware link which is automatically loaded. Because the malware changes the template-loader.php file in WordPress, changing your theme won’t resolve the problem. (Incidentally, you should confirm that any WordPress themes you’re using are legal. Those that have been picked up free when in fact they’re unlicensed might just be hiding other web-dwelling malware.)

Dealing with SoakSoak means taking extreme measures. Begin by checking where the most recent backups are. Your host should back up your site at least once a week. You’ll probably need your backed-up database, as the simplest means of fixing this infection for free is to take your website down, delete all content, and reinstall.

Alternatively, you might go hunting for the swfobject.js script (in wp-includes/js/) and delete it, followed by removing the new lines in the template-loader.php. You should also check your site database to confirm that there is no reference to the script. Checking the PHP files of your current theme for any mention of the script is a good idea (it is often found in the header file) and you should be able to delete this code manually.
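As a starting point for that manual hunt, here is a read-only shell check for the indicators described above. It is an added example, not part of the original article or of any tool it mentions; the function names and the constructed demo tree are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original article): read-only check for the SoakSoak
# indicators described above. Usage: bash thisfile.sh /path/to/wordpress

# Returns 0 if template-loader.php contains the injected hook quoted in the article.
loader_injected() {
    local f="$1/wp-includes/template-loader.php"
    [ -f "$f" ] && grep -Eq 'FuncQueueObject|wp_enqueue_script\(.*swfobject' "$f"
}

# Prints the files the article says to inspect by hand: the script itself and
# any PHP file under wp-content/themes that mentions it.
review_candidates() {
    local js="$1/wp-includes/js/swfobject.js" themes="$1/wp-content/themes"
    if [ -f "$js" ]; then echo "$js"; fi
    if [ -d "$themes" ]; then
        grep -rIl --include='*.php' 'swfobject' "$themes" || true
    fi
}

# Full report. Return status: 0 = hook not found, 1 = hook found, 2 = bad path.
soaksoak_scan() {
    local root="${1%/}"
    [ -d "$root/wp-includes" ] || { echo "not a WordPress root: $root" >&2; return 2; }
    echo "Files to review by hand:"
    review_candidates "$root" | sed 's/^/  /'
    if loader_injected "$root"; then
        echo "INFECTED: injected lines in wp-includes/template-loader.php:"
        grep -nE 'FuncQueueObject|swfobject' "$root/wp-includes/template-loader.php"
        return 1
    fi
    echo "template-loader.php: injected hook not found"
}

# Constructed sample tree (not real site data) so the check can be tried offline.
make_demo_tree() {
    local d; d="$(mktemp -d)"
    mkdir -p "$d/wp-includes/js" "$d/wp-content/themes/demo"
    printf '%s\n' '<?php' 'function FuncQueueObject()' '{' \
        'wp_enqueue_script("swfobject");' '}' \
        "add_action(\"wp_enqueue_scripts\", 'FuncQueueObject');" \
        > "$d/wp-includes/template-loader.php"
    echo '/* constructed placeholder */' > "$d/wp-includes/js/swfobject.js"
    echo '<?php wp_enqueue_script("swfobject"); // constructed' > "$d/wp-content/themes/demo/header.php"
    echo "$d"
}

# Run against a path given on the command line, if any.
if [ "$#" -gt 0 ]; then soaksoak_scan "$1"; fi
```

The check only reports: it lists swfobject.js and theme references for review rather than treating them as proof of infection, and it does not look inside the database.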

If you’re concerned about your site’s status with Google, head to their advice page to find out how to get your site off the blacklist.

Backups, Updating Sites & Plugins

Whether you run a site based on WordPress, or your web presence relies on another platform – public, premium or custom – website malware is a genuine threat that needs to be appreciated and accepted. The impact on an online business from self-loading malware such as SoakSoak is considerable, and shouldn’t be under-estimated. We’ve previously explained the importance of updating your blog to ensure vulnerabilities are fixed, so this shouldn’t be anything new to you.

With regular database backups, secure scripts and plugins, and regular software and plugin updates you can prevent the majority of website malware from finding vulnerabilities in your website software. You might also investigate whether your web host has a service that can protect against malware, or use a service such as BlogVault for WordPress which keeps your website files safe and secure.

Have you been infected by a website? Perhaps your blog was hit by SoakSoak? Tell us all about it in the comments.

Image Credit: Magnifying glass enlarging malware in computer machine code via Shutterstock
