New Worm Taking Aim at WordPress

Written by Sue Walsh on September 11, 2009

A new worm is taking aim at the popular WordPress blogging platform. First discovered on August 11th, it affects those who host their own blogs. It works by exploiting a vulnerability in the software’s permalink structure. Once in, it makes itself an admin and fills posts with hidden spam and malware.

“The tactics are new, but the strategy is not,” the WordPress project stated on its official blog. “Where this particular worm messes up is in the ‘clean up’ phase: It doesn’t hide itself well, and the blogger notices that all his links are broken, which causes him to dig deeper and notice the extent of the damage.”

Bloggers infected by the worm will find that all of their links are broken and that their old posts are filled with hidden spam and malicious code. They may also discover their site flagged as dangerous by Google because of that code. The fix? Wipe the site and reinstall from a backup, making sure the backup predates the infection, since one taken afterwards simply restores the injected content; if there is no clean backup, start from scratch. The prevention? Run the latest WordPress release, which at this writing is 2.8.4.
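A practitioner checking a self-hosted blog against the symptoms above would want three quick tests: is the install older than 2.8.4, are there hidden blocks or injected script in old posts, and is there an administrator account the owner never created. The script below is an added example for this article, not code from WordPress or from the worm's analysts. It assumes (as was true for WordPress of this era) that the version is stored in wp-includes/version.php as `$wp_version = '...';`, and it assumes, as a heuristic the article does not spell out, that "hidden" spam means CSS-hidden markup and that injected malware arrives as script or iframe tags. The version file, posts and user list are constructed sample data standing in for a real install.

```python
import re
from typing import Iterable, List, Optional, Tuple

# Release the article names as current at the time of writing.
MIN_SAFE_VERSION = "2.8.4"

# Assumption: wp-includes/version.php contains a line such as
#   $wp_version = '2.8.4';
_VERSION_RE = re.compile(r"\$wp_version\s*=\s*['\"]([^'\"]+)['\"]")


def parse_wp_version(version_php_source: str) -> Optional[str]:
    """Pull the version string out of the text of wp-includes/version.php."""
    m = _VERSION_RE.search(version_php_source)
    return m.group(1) if m else None


def _version_key(version: str) -> Tuple[int, ...]:
    # "2.8" -> (2, 8), "2.8.4" -> (2, 8, 4); a non-numeric part counts as 0.
    key = []
    for part in version.split("."):
        digits = re.match(r"\d+", part)
        key.append(int(digits.group()) if digits else 0)
    return tuple(key)


def is_outdated(version: str, minimum: str = MIN_SAFE_VERSION) -> bool:
    """True when the installed version sorts below the minimum safe release."""
    return _version_key(version) < _version_key(minimum)


# Heuristics (an assumption of this example, not a claim from the article):
# spam is hidden with CSS, malware is an injected script or iframe tag.
SUSPICIOUS_PATTERNS = [
    ("css-hidden block",
     re.compile(r"<\w+[^>]*style\s*=\s*['\"][^'\"]*"
                r"(?:display\s*:\s*none|visibility\s*:\s*hidden)", re.I)),
    ("script tag", re.compile(r"<script\b", re.I)),
    ("iframe tag", re.compile(r"<iframe\b", re.I)),
]


def scan_posts(posts: Iterable[Tuple[int, str]]) -> List[Tuple[int, str]]:
    """Return (post_id, label) for every heuristic that fires on a post."""
    hits = []
    for post_id, content in posts:
        for label, pattern in SUSPICIOUS_PATTERNS:
            if pattern.search(content):
                hits.append((post_id, label))
    return hits


def unexpected_admins(users: Iterable[Tuple[str, str]],
                      known_admins: Iterable[str]) -> List[str]:
    """Administrator logins that are not on the owner's own list of admins."""
    known = set(known_admins)
    return sorted(login for login, role in users
                  if role == "administrator" and login not in known)


# Constructed sample data standing in for a real install.
SAMPLE_VERSION_PHP = "<?php\n$wp_version = '2.8.3';\n"
SAMPLE_POSTS = [
    (1, "<p>Notes from the conference.</p>"),
    (2, "<p>Recipe.</p><div style=\"display:none\">"
        "<a href=\"http://example.com/pills\">buy</a></div>"),
    (3, "<p>Photos.</p><script src=\"http://example.net/x.js\"></script>"),
]
SAMPLE_USERS = [("sue", "administrator"), ("guest", "subscriber"),
                ("x7k2", "administrator")]
KNOWN_ADMINS = ["sue"]


def triage() -> dict:
    """Run all three checks over the sample data and collect the findings."""
    version = parse_wp_version(SAMPLE_VERSION_PHP)
    return {
        "version": version,
        "outdated": version is not None and is_outdated(version),
        "post_hits": scan_posts(SAMPLE_POSTS),
        "unexpected_admins": unexpected_admins(SAMPLE_USERS, KNOWN_ADMINS),
    }


if __name__ == "__main__":
    for key, value in triage().items():
        print(f"{key}: {value}")
```

The post scan is deliberately noisy: a blog that legitimately embeds scripts will produce hits, so treat a match as something to read, not as proof of infection. The admin check is the one that is hard to argue with, since an administrator account the owner did not create has no benign explanation.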

Hackers are increasingly turning to legitimate sites to spread their wares, and finding plenty of security holes to exploit in order to do so. In June over 40,000 websites were infected by an attack dubbed “Nine Ball,” which injected malware into legitimate pages and redirected visitors to a malicious site that downloaded Trojans and a keylogger. Last month over 57,000 legitimate sites were found to be infected, and earlier this month the website of the UK Parliament was hacked.
