The main vector for SoakSoak was closed some time ago, but many WordPress users, especially those who installed the RevSlider plugin as part of a theme, have not yet updated.
Hudson, FL (PRWEB) December 17, 2014
AHosting, a leading provider of optimized WordPress hosting, has released a security warning and advisory notice to users of the WordPress content management system. Hundreds of thousands of WordPress sites have been infected with the SoakSoak malware, which enables attackers to completely circumvent a site’s access controls.
The main vector for the malware appears to be the popular Slider Revolution Responsive WordPress Plugin, also known as RevSlider. Sites infected with the SoakSoak malware, via the RevSlider vulnerability or otherwise, may have a backdoor installed which gives the attacker complete control over the site.
The vulnerability in RevSlider was disclosed and patched earlier this year, but many sites are still running vulnerable versions. The owners of sites still running a vulnerable version of the RevSlider plugin, which includes all releases below version 4.2, should immediately update the plugin.
“The main vector for SoakSoak was closed some time ago, but many WordPress users, especially those who installed the RevSlider plugin as part of a theme, have not yet updated,” commented Daniel Page, Director of Business Development at AHosting, Inc., “Plugins bundled with themes are not updated as part of the standard WordPress upgrade feature, but must be upgraded along with the theme. It appears that many theme developers have failed to include patched version of the RevSlider in their plugins, leaving many thousands of WordPress users vulnerable.”
WordPress site owners who are concerned that their site may be infected with the SoakSoak malware can use the free Website Malware Scanner from Sucuri to check their sites. It should be understood that simply removing the SoakSoak files from a WordPress installation is not sufficient: the malware's backdoor may remain, and the initial vulnerability could be exploited again.
WordPress owners will reduce their vulnerability to all exploits if they follow simple WordPress security best practices, including ensuring that all plugins, themes, and WordPress Core are kept up-to-date.
AHosting is a managed web hosting provider with facilities in Orlando, FL, and Detroit, MI, owned and operated by AHosting, Inc., supplying hosting services that are truly beyond imagination. Since 2002, AHosting has established one of the web’s premier solutions for reseller web hosting, multiple IP hosting, dedicated servers, and VPS hosting. For more information, visit http://www.ahosting.net.