WordPress Blogs Fall Prey to Worm


A worm is circulating that can post malware and spam to some WordPress blogs using outdated versions of the blogging software, according to a post by Matt Mullenweg, founding developer of WordPress.

The worm can be tough to catch, as Mullenweg explains: “it registers a user, uses a security bug (fixed earlier in the year) to allow evaluated code to be executed through the permalink structure, makes itself an admin, then uses JavaScript to hide itself when you look at users page, attempts to clean up after itself, then goes quiet so you never notice while it inserts hidden spam and malware into your old posts.”

From what I gather, the worm is especially a threat for self-hosted WordPress sites.

Also check out http://codex.wordpress.org/FAQ_My_site_was_hacked
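Because the worm described above makes itself an admin and then uses JavaScript to hide from the users page, the account list is best read straight from the database rather than from the dashboard. The following is an added example, not code from Mullenweg's post or from WordPress: it runs that check, plus an allow-list check of the stored permalink structure, against a constructed in-memory SQLite stand-in. The default `wp_` table prefix, the sample accounts, the `expected_logins` set and the allow-list pattern are assumptions for illustration.

```python
import re
import sqlite3

def build_sample_db():
    """Constructed sample data shaped like the WordPress tables (default wp_ prefix)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE wp_users (ID INTEGER PRIMARY KEY, user_login TEXT, user_registered TEXT);
        CREATE TABLE wp_usermeta (user_id INTEGER, meta_key TEXT, meta_value TEXT);
        CREATE TABLE wp_options (option_name TEXT, option_value TEXT);
        INSERT INTO wp_users VALUES (1, 'siteowner', '2008-01-10 09:00:00'),
                                    (2, 'reader42', '2009-03-02 18:30:00'),
                                    (3, 'newuser9', '2009-09-04 02:11:00');
        INSERT INTO wp_usermeta VALUES
            (1, 'wp_capabilities', 'a:1:{s:13:"administrator";b:1;}'),
            (2, 'wp_capabilities', 'a:1:{s:10:"subscriber";b:1;}'),
            (3, 'wp_capabilities', 'a:1:{s:13:"administrator";b:1;}');
        INSERT INTO wp_options VALUES ('permalink_structure', '/%year%/%postname%/');
    """)
    return db

# Roles live in wp_usermeta as a serialized PHP array; this query bypasses the users page.
ADMIN_QUERY = """
    SELECT u.ID, u.user_login, u.user_registered
    FROM wp_users u JOIN wp_usermeta m ON m.user_id = u.ID
    WHERE m.meta_key = 'wp_capabilities' AND m.meta_value LIKE '%"administrator"%'
    ORDER BY u.user_registered
"""

def unexpected_admins(db, expected_logins):
    """Return administrator rows whose login is not in the set you expect."""
    rows = db.execute(ADMIN_QUERY).fetchall()
    return [r for r in rows if r[1] not in expected_logins]

# Assumed allow-list: literal path characters and %tag% placeholders only.
PERMALINK_OK = re.compile(r"(?:[/\w.-]|%[a-z_]+%)*")

def permalink_looks_altered(db):
    """True when the stored permalink structure contains anything outside the allow-list."""
    row = db.execute("SELECT option_value FROM wp_options "
                     "WHERE option_name = 'permalink_structure'").fetchone()
    return row is not None and not PERMALINK_OK.fullmatch(row[0])

if __name__ == "__main__":
    db = build_sample_db()
    print("unexpected admins:", unexpected_admins(db, {"siteowner"}))
    print("permalink altered:", permalink_looks_altered(db))
```

On a real site the same `ADMIN_QUERY` text can be run in the MySQL client, with the table prefix adjusted to match the installation.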
