madison
Home / News & Blogs

WordPress blogs at risk from worm

Jennifer Guevin CNET News.com | September 8, 2009 5:41 AM PDT

Summary

A worm is circulating that can post malware and spam to some WordPress blogs using outdated versions of the blogging software, according to WordPress.

Topics

Blog, Worm, Cyberthreats, Blogging, Viruses And Worms, Security, Internet, WordPress, blogs, malware, spam, Jennifer Guevin CNET News.com
A worm is circulating that can post malware and spam to some WordPress blogs using outdated versions of the blogging software, according to a post by Matt Mullenweg, founding developer of WordPress.

The worm can be tough to catch, as Mullenweg explains: "It registers a user, uses a security bug (fixed earlier in the year) to allow evaluated code to be executed through the permalink structure, makes itself an admin, then uses JavaScript to hide itself when you look at users page, attempts to clean up after itself, then goes quiet so you never notice while it inserts hidden spam and malware into your old posts."

The vulnerability allowing the attack was discovered on August 11, at which point WordPress encouraged users to upgrade to version 2.8.4. However, many people have yet to upgrade, and reports online indicate the worm is making progress by the hour.

The worm does not affect the current version 2.8.4 and the one prior to it, and it only affects people who host their own WordPress blog. Blogs hosted on WordPress.com are unaffected.

Users can find upgrade links and instructions on WordPress.org. WordPress has also posted an FAQ for people who think their blog has been hacked.

This article was originally posted on CNET News.

Talkback Most Recent of 10 Talkback(s)

  • Upgrade speed
    2.8.4 has been out for about a month. If you haven't upgraded by now, you're asking for it. My upgrade window for security updates is 24 hours. Easy for us geeks to say, but most end users don't know or care what version they're on - they leave this kind of thing to their admins (if they have them) or just shine it on.

    As an admin, I check out all WP installations via subversion, and keep them all in an array in a shell script. I can upgrade 125 WP installations in 5 minutes flat (and only 15 seconds of that time is me with hands on keyboard). If you manage a lot of WP installs, I really recommend this approach. Here are the scripts I use to do this:

    http://birdhouse.org/software/2008/04/wp-create/
    http://birdhouse.org/software/2007/07/wp-mass-upgrade/
    ZDNet Gravatar
    shacker23
    8th Sep 2009
  • got headaches? =D
    Man, I hate it when an update comes along and breaks everything. I had a dokuwiki nightmare a while back, took me a week to find the workaround, which left a few folks needing to reestablish some of their content lost in the shuffle. (embedded imagery)

    Joomla is another one that can be a bear to straighten out after and upgrade. Thank goodness older versions of apache can be safely run without needing to upgrade the whole thing...
    ZDNet Gravatar
    pgit
    8th Sep 2009
  • Oh, yes... upgrading web apps...
    Oh, yes... upgrading web apps is such a pain. Specially if you are supporting hundreds of sites. Some new webapps have some sort of automatic upgrade option, but most don't.

    I wish I could install just one copy of any given application and then that become available for all sites in a server. The one-copy-per-site is a bit hard to maintain when the site owner is not his/her own admin.


    Regards,

    MV

    ZDNet Gravatar
    MV_z
    9th Sep 2009
  • RE: WordPress blogs at risk from worm
    I avoid this by not using wordpress. I'm using blog-stalk.com instead.
    ZDNet Gravatar
    wcminor
    8th Sep 2009
  • thanks...
    Never heard of blog-stalk. Thanks for the tip, I'll dig around a bit and see if it can help me.
    ZDNet Gravatar
    pgit
    8th Sep 2009
  • The danger of popularity
    I recently switched to WordPress for designing web sites. It is by far easier than Joomla, etc. However it may become to popular of a web design platform and hence it becomes a target of hackers.
    ZDNet Gravatar
    bobdavis321
    8th Sep 2009
  • RE: WordPress blogs at risk from worm
    Yes, I'm sure blog-stalk is different from every other option and is totally secure.
    ZDNet Gravatar
    MyDoom
    10th Sep 2009
  • RE: WordPress blogs at risk from worm
    The blog of zdnet.com is still running with wordpress 2.6.5. Fix your blog!!!
    ZDNet Gravatar
    AReader
    24th Sep 2009
  • RE: WordPress blogs at risk from worm
    The blog on zdnet.com is still WordPress 2.6.5. You need to fix it!
    ZDNet Gravatar
    AReader
    24th Sep 2009
  • Figures...
    I always thought it was a bit risky coming here. grin
    ZDNet Gravatar
    bandersnatch42vt
    9th Oct 2009

Talkback - Tell Us What You Think

Formatting +
BB Codes - Note: HTML is not supported in forums
  • [b] Bold [/b]
  • [i] Italic [/i]
  • [u] Underline [/u]
  • [s] Strikethrough [/s]
  • [q] "Quote" [/q]
  • [ol][*] 1. Ordered List [/ol]
  • [ul][*] · Unordered List [/ul]
  • [pre] Preformat [/pre]
  • [quote] "Blockquote" [/quote]

The best of ZDNet, delivered

ZDNet Newsletters

Get the best of ZDNet delivered straight to your inbox

Facebook Activity