Nov 6 2008

Trojanised WordPress


As a daily reader of The Register website, I was quite concerned when I came across this article on a Trojanised version of WordPress doing the rounds on a fake site.

Apparently this fake site – Wordpresz.org – is offering the ‘latest version’, which is apparently 2.6.4. However, the latest official version from WordPress is 2.6.3, which I upgraded two blogs to yesterday (Wednesday 5th November 2008). Although I was sure (as I always am) to double check that the download was from the official URL, it didn’t stop me panicking, so off I went to check on the two blogs that I had upgraded, just in case.

The difference is a Trojanised version of pluggable.php, and Sophos has since detected the malicious code as WPHack-A Trojan. According to posters on Craig Murphy’s Blog, the Trojanised version of pluggable.php attempts to steal users’ cookies if you have five or more users. I should imagine further analysis of pluggable.php may yield additional code, but until then watch this space!

Anyway, all was well with my blogs, but it does make you think: always double check the URL of the links that you are clicking on. Are they what they appear to be?!
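One way to check an upgraded blog for the kind of altered pluggable.php described above (an added example, not part of the original post): hash every core file in the installed tree and in an unpacked copy of the archive downloaded from the official site, then report the differences. The two directory arguments and the `SITE_SPECIFIC` exclusion list are assumptions.

```python
import hashlib
import sys
from pathlib import Path

# Paths expected to differ from the release archive (assumed exclusions);
# wp-content holds site themes, plugins and uploads and needs its own review.
SITE_SPECIFIC = ("wp-config.php", "wp-content/")


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large files are not read into memory at once."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def core_hashes(root: Path) -> dict:
    """Map each core file's path (relative to root) to its SHA-256."""
    hashes = {}
    for path in sorted(root.rglob("*")):
        rel = path.relative_to(root).as_posix()
        if path.is_file() and not rel.startswith(SITE_SPECIFIC):
            hashes[rel] = sha256_of(path)
    return hashes


def compare_core(reference: Path, installed: Path) -> dict:
    """Return core files that were modified, are missing, or were added."""
    ref, live = core_hashes(reference), core_hashes(installed)
    return {
        "modified": sorted(f for f in ref.keys() & live.keys() if ref[f] != live[f]),
        "missing": sorted(ref.keys() - live.keys()),
        "added": sorted(live.keys() - ref.keys()),
    }


if __name__ == "__main__":
    # Usage: python compare_core.py <unpacked-official-release> <installed-blog>
    report = compare_core(Path(sys.argv[1]), Path(sys.argv[2]))
    for kind, files in report.items():
        for name in files:
            print(f"{kind}: {name}")
    sys.exit(1 if any(report.values()) else 0)
```

The comparison is only as trustworthy as the reference copy, so the reference archive has to come from the official URL.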
