Google has blacklisted over 11,000 domains with this latest malware campaign from SoakSoak.ru.
This morning a massive malware campaign was initiated targeting WordPress websites. The campaign has been tagged SoakSoak because of the domain users are being redirected to.
Details on this payload can be found on the Sucuri.net Blog.
There are various threads and forums discussing this, and it’s very easy to get misleading information. Here are a few things to understand:
- This email does not mean you are infected; it serves as a Public Service Announcement.
- All Sucuri systems have been updated to better detect this infection. If you get a notification, please log in to your account and submit a Malware Removal Request.
- If you are behind the Website Firewall (CloudProxy) you are being protected from what appears to be the attack vector.
- The attack appears to be correlated to the RevSlider vulnerability.
Sucuri is actively investigating with their partners to better understand the potential access vector. As information becomes available, they will disclose it.