WP Symposium – Zero Day Vulnerability Dangers


Our friends at SpiderLabs released a blog post today talking about the latest WP Symposium file upload vulnerability, and the attacks they have been seeing in the wild. This specific vulnerability was disclosed publicly Dec 11th, and attacks

Analyzing The WordPress SoakSoak Favicon Backdoor

The securi-fix.php code

This post is a dissection of one of a few backdoor variations hackers are uploading via the RevSlider security hole. We also provide webmasters a complete mitigation plan. In the previous post we described how hackers upload a ZIP file which

New Malware Campaign – WPcache-Blogger – Affects Thousands more WordPress Websites via RevSlider

If SoakSoak wasn't enough, we are starting to see a new malware campaign leveraging the RevSlider vulnerability and compromising thousands of WordPress sites in the last few days. Unlike SoakSoak, it's comprised of 3 distinct malframes - creating

SoakSoak Campaign Evolves – New Wave of Attacks

Decode malware in json2.min.js

Since Sunday, we have seen a new wave of SoakSoak reinfections. The JavaScript continues to evolve and load other scripts in order to infect additional websites. We have updates for concerned webmasters looking to stay on top of the threat and keep

SoakSoak: Payload Analysis – Evolution of Compromised Sites – IE 11

Sucuri - action_script_code - ie11 - soaksoak

Thousands of WordPress sites have been hit by the SoakSoak attack lately. At this moment we know quite a lot about it; it uses the RevSlider vulnerability as a point of penetration, then uploads a backdoor and infects all websites that share the same

RevSlider Vulnerability Leads To Massive WordPress SoakSoak Compromise

Yesterday we disclosed a large malware campaign targeting and compromising over 100,000 WordPress sites, and growing by the hour. It was named SoakSoak due to the first domain used in the malware redirection path (soaksoak.ru). After a bit more

SoakSoak Malware Compromises 100,000+ WordPress Websites

Sucuri - SoakSoak RU Blacklisted

This Sunday has started with a bang. Google has blacklisted over 11,000 domains with this latest malware campaign from SoakSoak.ru: Our analysis is showing impacts in the order of 100's of thousands of WordPress specific websites. We cannot

Malvertising on a Website Without Ads

Malicious Fake Flash Download

When you first configure your website, whether it be WordPress, Joomla, Drupal, or any other flavor of the month, it is often in its purest state. Unless of course the server was previously compromised, which in and of itself is another conversation

Targeted Phishing Against GoDaddy Customers


I do get a lot of phishing emails, we all do, but as security professionals we tend to recognize them immediately. Either the syntax is wrong, or it's missing a name. When you get them from a bank you don't even deal with that's a pretty good

Critical vulnerability affecting HD FLV Player

Sucuri - HD FLV Player - Download File

We've been notified of a critical vulnerability affecting the HD FLV Player plugin for Joomla!, WordPress and custom websites. It was silently patched on Joomla! and WordPress, leaving the custom website version vulnerable. Furthermore, websites