Apparently this fake site – Wordpresz.org – is offering the ‘latest version’, which is apparently 2.6.4. However, the latest official version from WordPress is 2.6.3, which I upgraded two blogs to yesterday (Wednesday 5th November 2008). Although I was sure (as I always am) to double check that the download was from the official URL, it didn’t stop me panicking, so off I went to check on the two blogs that I had upgraded just in case.
The difference is a Trojanised version of pluggable.php, and Sophos has since detected the malicious code as the WPHack-A Trojan. According to posters on Craig Murphy’s Blog, the Trojanised version of pluggable.php attempts to steal users’ cookies if you have five or more users. I should imagine further analysis of pluggable.php may yield additional code, but until then watch this space!
Anyway, all was well with my blogs, but it does make you think: always double check the URL of the links that you are clicking on. Are they what they appear to be?!
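The check I did by hand on the two blogs, as an added example that is not part of the original post: walk an installed WordPress tree and a known-good copy of the official release, hash every file, and report anything modified, missing or added. The two small trees it compares are constructed in a temporary directory (they stand in for a real 2.6.3 unpack and a live site), and the tampered pluggable.php content is a made-up placeholder, not the actual Trojan.

```python
import hashlib
import os
import tempfile


def sha256_of(path):
    """Return the hex SHA-256 digest of a file, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def hash_tree(root):
    """Map each file under root (relative, '/'-separated) to its digest."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            digests[rel] = sha256_of(full)
    return digests


def compare_trees(reference, installed):
    """Return (modified, missing, extra) paths of the installed tree vs reference."""
    ref, inst = hash_tree(reference), hash_tree(installed)
    modified = sorted(p for p in ref if p in inst and ref[p] != inst[p])
    missing = sorted(p for p in ref if p not in inst)
    extra = sorted(p for p in inst if p not in ref)
    return modified, missing, extra


def demo():
    """Constructed sample: two small trees that differ only in pluggable.php."""
    samples = {
        "wordpress-2.6.3": "<?php function wp_mail() {}",  # stands in for the official copy
        "site": "<?php function wp_mail() {} // tampered",  # placeholder, not the real Trojan
    }
    with tempfile.TemporaryDirectory() as tmp:
        for base, body in samples.items():
            inc = os.path.join(tmp, base, "wp-includes")
            os.makedirs(inc)
            with open(os.path.join(inc, "pluggable.php"), "w") as f:
                f.write(body)
            with open(os.path.join(inc, "version.php"), "w") as f:
                f.write("<?php $wp_version = '2.6.3';")
        return compare_trees(os.path.join(tmp, "wordpress-2.6.3"),
                             os.path.join(tmp, "site"))
```

On a real site, point compare_trees() at an unpacked official release and the web root; any file in the "extra" list that lives under wp-includes or wp-admin deserves the same scrutiny as a modified one.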