The Independent's journalism is supported by our readers. When you purchase through links on our site, we may earn commission.
SoakSoak: over 100,000 Wordpress sites hit by mysterious Russian malware
Experts fear the problem might be too big to contain
Your support helps us to tell the story
From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.
At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.
The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.
Your support makes all the difference.Wordpress, the world’s most popular blogging platform, is vulnerable to a piece of mysterious Russian malware called ‘SoakSoak’ that could already have infected 100,000 pages, experts have said.
Google has already blacklisted over 11,000 sites that are infected with the malware, in the hope of stopping it from spreading.
The attack has been launched by soaksoak.ru, giving the malware its name. The internet security firm Sucuri, which first spotted the problem, has said that it could have compromised over 100,000 sites.
The problem appears to begin with a plugin called RevSlider which Sucuri said months ago could have vulnerability. The plugin is a premium piece of software meaning that it will be hard for many users to upgrade to get rid of the problem, Sucuri said.
“Some website owners don’t even know they have it as it’s been packaged and bundled into their themes,” Daniel Cid from Sucuri wrote in a blog yesterday.
And even if the problem is fixed, hackers appear to be installing new software onto websites that could give them control of the pages in the longer term.
If a site is infected with the problem, it might mean that it acts oddly — though it may not immediately present itself to users at all.
Sucuri, which discovered the problem, runs a free site checker which will scan any webpage to see if it has been infected with the SoakSoak malware as well as other malware and problems.
If the page does show issues, Sucuri recommends the deletion of two files — swfobject.js and template-loader.php — which will get rid of the initial infection, but will still leave the website vulnerable and likely to be infected quickly.
The best way to ensure that a page is protected is to use a website firewall, such as those offered by Sucuri themselves as well as other internet security firms.
Join our commenting forum
Join thought-provoking conversations, follow other Independent readers and see their replies
Comments