Technology News: The New Malware(SoakSoak.ru Malware) Came as a Devastating blow of importance of your WordPress Blog
The New Malware(SoakSoak.ru Malware) Came as a Devastating blow of importance of your WordPress Blog
WordPress blogs are hugely popular and it is easy to administer, Simple to install. Nearly 23% of(top 10 million)website were running on WordPress software as of Agust 2013. popularity of The WordPress has mainly four reasons.
1) Sole bloggers
2) Organization of bloggers
3) Media outlets
4) Education Facilities
So one of the Malware may be come as a devastating blow in to your Website/Blog , the Malware name is Soak Soak.ru. The Soak Soak.ru infects your blog, Computer, or website. The Malware is very danger to your blog/website because your website traffic may loose .The Malware download automatically in back side without click any word after download it effects your blog/website.
Besides,Google has already blacklisted 11,000 infected domains. Actually the SoakSoak.ru Malware are effecting the Site/Blog Visitors. So the number of blog visitors are automatically will decrease.
How The SoakSoak .ru Affects You As A Visitor
When you visit the homepage of blog / website. Meanwhile in back ground the SoakSoak.ru malware downloaded to your computer as part of the page viewing in your browser.This known as a Drive By Download Attack.
How to find
By using some web site you can scan your blog/Website to find the
1)Malware
2)Website Blacklisting
3)Injected SPAM
4)Defacements
5)Website Firewall
The first thing you need to visit this website Site checker it is produced by Security blog Sucuri. You can use Securi service to clean your blog although of course this comes at a price.
Anatomy of SoakSoak.ru
The particular malware is that modifies the wp-includes/templates-loader.php files these lines
<?php
function FuncQueueObject()
{
wp_enqueue_script(“ swfobject”);
}
add_action(“wp_enqueue_scripts”, ‘FuncQueueObject’);>
Because the wp-includes/swfobject.js to be loaded on every page you view.
which include the malware here
when decoded loads the javascript from soaksoak.ru domain specifically this file: hjjt://soaksoak.ru/xteas/code (for security purpose i write http instead of hjjt)
if your site is infected you can use Site checker
Comments
Post a Comment