Originating through WordPress sites, the SoakSoak.ru malware is now affecting websites around the world. The large-scale attack, which takes advantage of a vulnerability in a WordPress plugin, began on December 14, 2014. Visiting an infected site can result in malicious software being downloaded to your computer. It’s a very big deal if your site is down or if your PC is infected, but it’s not making huge news, even though it hasn’t been contained.
It’s not even trending on Twitter right now (#soaksoak) and there’s nothing on the Google News home page, but if you’re one of the 100,000+ whose website is down, then the SoakSoak.ru malware infection is big, bad news. Fortunately, it’s not permanent and nothing will be lost. In the meantime, it can be a serious problem if you depend on your site for communications and sales.
What Is It?
This has been caused by a security issue with website hosting providers around the world. SoakSoak.ru is malware, which is software designed solely to cause damage to a computer or network. It entered the host servers through a vulnerability in WordPress websites. Then the infection spread to other sites and eventually the servers which host the websites.
It’s a worldwide problem that has hit many of the top hosting providers including GoDaddy, Network Solutions and even Google, which has blacklisted over 11,000 domains in order to help stop the spread of the problem. This means Google will not show a blacklisted site in its list of search results because it’s not in their best interests to show you infected websites.
What Does It Mean If Your Site Shows This?
Here’s what it looks like on Chrome when a site has been blacklisted due to the SoakSoak.ru malware:
If this is your site, it may have the actual SoakSoak malware. Or it might just be hosted on a server that also held an infected site, and that server has now been taken down while the engineers work on clearing it up. The site is not gone, it’s not damaged and it is probably going to be available on other browsers including Internet Explorer and Firefox.
What Can You Do?
Your site is vital! It’s important to you and your business. It’s tough to know that your website is down and not be able to do anything about it. We feel it even more because we WANT to fix this FOR you. The problem is at the host company and they are working as quickly as humanly possible to get the problem contained, cleaned up, and get their clients’ websites back up and running as soon as possible.
It started with WordPress sites, then moved into other sites with a back-end CMS (content management system) and possibly the servers themselves. Therefore, you are at risk, and your site can be down whether or not it is running on WordPress.
Here’s what you can do about the SoakSoak.ru vulnerability:
- If you visit a website with this alert, do NOT continue as you may become infected by the malware.
- If you have a WordPress website, have your webmaster clean the site code and re-upload. You can get details on the process here. Make sure you’ve always got the latest version of WordPress and of any plugins.
- Once your site is cleaned up, you can resubmit your site to Google, so that they can take it off their blacklist.
- We have found that some sites quickly become reinfected, so have your webmaster continue to monitor your site.
- Be patient and let the host company engineers do their thing.
- Don’t move your site. Moving your site to another provider is not a viable option. Nearly everyone is affected. Plus, it takes hours to migrate and days for the DNS (Domain Name System) to recognize the new website location.
- Try accessing your site using Internet Explorer or Firefox if you’re usually on Chrome. Google errs on the side of caution in releasing a site from quarantine, but we’ve seen sites come back up on IE and Firefox much more quickly.
- Do not worry about your website being lost. Website hosting companies have backups for the backups of their backup. Your data will not be lost and your website will be up and running.
- Expect that sites may be up and down, with on-and-off outages affecting them.
Our I.T. support team is keeping a very close eye on this issue and we are tracking the sites for clients we know are affected. We will keep all of our managed service clients up-to-date and informed on their sites and this malware issue as a whole.