Wikipedia used to spread malware

An entry in the popular online encyclopaedia was hijacked to direct users to malicious code
Written by Tom Espiner, Contributor

A Wikipedia page has been used by hackers in an attempt to spread malicious code.

The entry for the W32.Blaster worm in the German version of the popular online encyclopaedia was altered to include false information about a new version of the Lovesan/MS Blaster worm, with links to a supposed fix. The fix was actually a piece of malicious code, according to antivirus vendor Sophos.

It's not clear how long the vandalised page was live for, but the editors of Wikipedia.de moved fast to delete the links once they were discovered.

However, because Wikipedia archives old versions of articles, the hackers were still able to send links to the archived entry through a mass-mailed email. This email purported to be from Wikipedia, and directed German users to the fraudulent Lovesan/MS Blaster entry. Because the emails linked to a legitimate website, they were able to bypass some anti-spam solutions, Sophos reported on Friday.

"The good news is that the authorities at Wikipedia quickly identified and edited the article on their site," said Graham Cluley, senior technology consultant at Sophos. "Unfortunately, however, a version of the page remained in the archive, allowing the hackers to send out spam and continue to direct visitors to the malicious code."

Wikipedia has confirmed that it has now permanently erased all versions of the page, according to German news site Heise Online.

Editorial standards