Fraudsters have set up a fake site featuring a backdoored version of the WordPress blogging application. The fake Wordpresz.org site offered up what purports to be version 2.6.4 of the open source blogging tool. In reality, all but one of the files are identical to the latest proper (2.6.3) version of WordPress. The difference comes in the form of a Trojanised version of pluggable.php, according to a Sophos virus researcher. Sophos detects the malicious code as WPHack-A Trojan. The issue came to light via a posting by a blogger who reports that he received a “High Risk Vulnerability Warning” from the spoofed WordPress domain when he logged into his admin account. It looks like sites which have not upgraded to 2.6.3 are being exploited in a way where a hacker, probably using an automated script, hacks into sites with the vulnerability and changes the settings of one of the dashboard modules to point to a different feed, encouraging people to go to a different site which offers a dodgy upgrade. The fake site attack represents a rare but not unprecedented attack on users of the open source blogging package.

 http://www.theregister.co.uk/2008/11/06/trojanised_wordpress/ 
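As an added example (not from the post or the linked article), here is the kind of check that exposes a package like the one described above: hash every file in a downloaded tree against a copy of the genuine release and report what differs, so a single altered pluggable.php stands out. The file names and contents built in `demo()` are constructed for illustration, not taken from the real packages.

```python
import hashlib
import os
import tempfile
from pathlib import Path

def sha256_of(path):
    """SHA-256 of one file, read in chunks so large archives are fine."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def hash_tree(root):
    """Map each file's path (relative to root, '/'-separated) to its SHA-256."""
    root = Path(root)
    return {str(p.relative_to(root)).replace(os.sep, "/"): sha256_of(p)
            for p in root.rglob("*") if p.is_file()}

def diff_trees(official_root, suspect_root):
    """Compare a suspect package against a trusted copy of the same release.
    Returns sorted lists of modified, added and removed relative paths."""
    official = hash_tree(official_root)
    suspect = hash_tree(suspect_root)
    return {
        "modified": sorted(p for p in official
                           if p in suspect and official[p] != suspect[p]),
        "added": sorted(set(suspect) - set(official)),
        "removed": sorted(set(official) - set(suspect)),
    }

def _write(root, rel, text):
    p = Path(root) / rel
    p.parent.mkdir(parents=True, exist_ok=True)
    p.write_text(text)

def demo():
    """Constructed sample: a two-file 'release' and a copy where only
    wp-includes/pluggable.php has been altered (extra code appended)."""
    with tempfile.TemporaryDirectory() as official, tempfile.TemporaryDirectory() as suspect:
        for root in (official, suspect):
            _write(root, "index.php", "<?php require './wp-blog-header.php'; ?>")
        genuine = "<?php // genuine helper functions (constructed placeholder) ?>"
        _write(official, "wp-includes/pluggable.php", genuine)
        _write(suspect, "wp-includes/pluggable.php", genuine + "\n<?php /* constructed extra code */ ?>")
        return diff_trees(official, suspect)

if __name__ == "__main__":
    print(demo())
```

Run it against a freshly downloaded package and an already verified copy of the same version; any entry under "modified" or "added" deserves a look before the files go anywhere near a live site.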

======================  (quote inserted randomly by Pegasus Mailer)
More computing sins are committed in the name of efficiency than
for any other single reason--including blind stupidity.
                                                   - William A. Wulf
victoria.tc.ca/techrev/rms.htm 
blogs.securiteam.com/index.php/archives/author/p1/

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.