You are here: silicon.com > Software > Security Strategy

Security Strategy

WordPress blogs under spam, malware attack

Worm uses old security bug as a way in

Tags: wordpress

Printer Friendly Email Story RSS

By Jennifer Guevin

Published: 7 September 2009 11:08 GMT

A worm is circulating that can post malware and spam to some WordPress blogs using outdated versions of the blogging software, according to a post by Matt Mullenweg, founding developer of WordPress.

Read this

A-Z of security

The worm can be tough to catch, as Mullenweg explains: "It registers a user, uses a security bug (fixed earlier in the year) to allow evaluated code to be executed through the permalink structure, makes itself an admin, then uses JavaScript to hide itself when you look at user's page, attempts to clean up after itself, then goes quiet so you never notice while it inserts hidden spam and malware into your old posts."

The vulnerability allowing the attack was discovered on 11 August, at which point WordPress encouraged users to upgrade to version 2.8.4. However, many people have yet to upgrade, and reports online indicate the worm is making dubious progress by the hour.

The worm does not affect the current version 2.8.4 and the one prior to it. And it only affects people who host their own WordPress blog. Blogs hosted on WordPress.com are unaffected.

WordPress has also posted an FAQ for people who think their blog has been hacked.

Original article: WordPress blogs falling prey to worm from CNET News.com

Add Comment Add comment  Printer Friendly Print story with   Email Story Email story  
In
Applications

Operating Systems

SOA/Web Services

Malware

Security Strategy


Related Links

It's a cracker: Blog software breached

Largest hack and ID theft in US: Three suspects charged

Extradition for Nasa hacker rules high court

'Hack your own Oracle database' tool unveiled next week

'Nasa hacker' case raised in parliament

Data moving to the cloud? Cybercrime will follow

  1. Zones
  2. Management
  3. Networks
  4. Software
  5. IT Services
  6. Hardware
  1. Verticals
  2. Public Sector
  3. Financial Services
  4. Retail & Leisure

Tim Ferguson Exclusive: Former MySQL boss Marten Mickos talks open source Why Microsoft could become one of the "biggest friends of open source" and why Oracle getting its hands on MySQL could be "one of the biggest open source coups ever"...

Naked CIO Naked CIO: Cloud computing more expensive than we thought? Smart IT leaders will examine the impact of how they pay for tech


UK ID cards rollout hit by delay as launch date revealed

Bletchley Park's World War Two codebreakers in their own words

'You're responsible for your own wi-fi security' say ISPs

'UK must up privacy safeguards following Phorm'

The top 10 technologies you need to plan for next year



  • Jobs
2 x TLM Analyst/ Developers

You MUST have experience in configuring SmartStream Reconciliation suite of products like TLM Recon Admin/TLM Design Studio/TLM WebConnect (both from ...

Information Technology Engineer

Monitor and maintenance of Network architecture, Server backup and Data security including basic SQL Server Admin. We also offer standard and ...

Account Manager - BASINGSTOKE - 20K-30K + OTE 60K + RESELLER

You will also be encouraged to meet your clients face to face but when not out in the market you will need to be in the office. Account Managers - ...

Agenda Setters 2009
Welcome to the ninth annual Agenda Setters poll – silicon.com's list of the top 50 most influential individuals in the technology and IT industries, from techies and CIOs to entrepreneurs and business leaders. Find out more in our latest special report.

CEO Dashboard Management: Why Creating Visual Reports You Can't Hide From Will Help...

Virtual Private Servers (VPS)

Looking for a fast payback? 10 Minutes with Free Tool Can Save Thousands

The Truth About Wasteful Spending on Software: How to Stop Giving Your Software Vendors...

Martin Brokers cashes in on back-up swap

VocaLink makes virtualisation pay

Sony Pictures sets sights on best IT Oscar

Co-op Group kicks "server sprawl" into touch

Arts Council gets tech troubleshooting boost

Torex tech treats Thorntons to quicker sales

Stories from the web...


Pay for IT chiefs weathers the storm

Illegal downloaders crackdown: Digital Economy Bill to cut them off

Salesforce.com makes more friends in the cloud

Google sheds light on netbook plans for Chrome OS

How to squeeze the last drops of savings from an outsourcing contract

Salesforce.com plans social networking for business




Quick Sitemap Links: