Thursday, December 18, 2014

Technology News: The New Malware(SoakSoak.ru Malware) Came as a Devastating blow of importance of your WordPress Blog




The New Malware(SoakSoak.ru Malware) Came as a Devastating blow of importance of your WordPress Blog 

     
    WordPress blogs are hugely popular and it is easy to administer, Simple to install. Nearly 23%    of(top 10 million)website were running on WordPress software as of Agust 2013. popularity of The WordPress has mainly four reasons.

1) Sole bloggers
2) Organization of bloggers
3) Media outlets
4) Education Facilities

So one of the Malware may be come as a devastating blow in to your Website/Blog , the Malware name is Soak Soak.ru. The Soak Soak.ru infects your blog, Computer, or website. The Malware is very danger to your blog/website because your website traffic may loose .The Malware download  automatically  in back side without click any word after download it effects your blog/website.


Besides,Google has already blacklisted 11,000 infected domains. Actually the SoakSoak.ru Malware are effecting the Site/Blog Visitors. So the number of blog visitors are automatically will  decrease.

How The SoakSoak .ru Affects You As  A Visitor

When you visit the homepage of blog / website. Meanwhile in back ground the SoakSoak.ru malware downloaded to your computer as part of the page viewing in your browser.This known as a Drive By Download Attack. 

How to find

By using some web site you can scan your blog/Website to find the
1)Malware
2)Website Blacklisting
3)Injected SPAM
4)Defacements
5)Website Firewall


The first thing you need to visit this website  Site checker it is produced by Security blog Sucuri. You can use Securi service to clean your blog although of course this comes at a price.

Anatomy of SoakSoak.ru

      The particular malware is that modifies the wp-includes/templates-loader.php files these lines

 <?php
function  FuncQueueObject()
{
wp_enqueue_script(“ swfobject”);
}
 add_action(“wp_enqueue_scripts”, ‘FuncQueueObject’);>

Because the  wp-includes/swfobject.js to be loaded on every page  you view.

which include the malware here

when decoded loads the javascript from soaksoak.ru domain specifically this file: hjjt://soaksoak.ru/xteas/code (for security purpose i write http instead of hjjt)

if  your site is infected you can use   Site checker











No comments: