Wordpress Worm Attacks Unpatched Blogs

By Chris Rowson     Sep 9, 2009 in Internet
Wordpress is arguably the most popular blogging software in existence, but does its enormous market share make it a more attractive target for hackers? The latest worm to hit the Wordpress platform highlights the importance of keeping up to date.
As the popularity of Wordpress has increased, so too has the number of security issues uncovered by researchers and hackers.
The latest Wordpress vulnerability was announced by WordPress founding developer Matt Mullenweg, along with information on how to secure against the attack.
Affecting unpatched versions of Wordpress, the recently discovered security issue allows a computer worm to register a user on the victim's blog. Once registered, the user promotes itself to the administrative group and proceeds to insert hidden spam into old posts.
Unfortunately for spammers, this latest worm has a serious fault. It is pretty lax at covering its tracks and leaves links throughout the blog broken. Upon discovering this, the blogger tends to investigate further and discovers the full scale of the problem.
Matt points out that the best defense is simply to keep your blog updated:
Upgrading is a known quantity of work, and one that the WordPress community has tried its darndest to make as easy as possible with one-click upgrades. Fixing a hacked blog, on the other hand, is quite hard. Upgrading is taking your vitamins; fixing a hack is open heart surgery. (This is true of cost, as well.)
Version 2.8.4 of the blogging platform is immune to the worm. Bloggers are very strongly recommended to upgrade to this version to avoid falling victim.
Bloggers hit by the flaw can find their sites removed from Google's index due to the spam and malware the worm inserts into posts. Bad news for those who make their money from blogging.