Trojanised WordPress

As a daily reader of The Register website I was quite concerned when I came across this article on a Trojanised version of WordPress doing the rounds on a fake site.

Apparently this fake site, Wordpresz.org, is offering the ‘latest version’, which is apparently 2.6.4. However, the latest official version from WordPress is 2.6.3, which I upgraded two blogs to yesterday (Wednesday 5th November 2008). Although I was sure (as I always am) to double check that the download was from the official URL, it didn’t stop me panicking, so off I went to check on the two blogs that I had upgraded just in case.

The difference is a Trojanised version of pluggable.php, and Sophos has since detected the malicious code as the WPHack-A Trojan. According to posters on Craig Murphy’s Blog, the Trojanised version of pluggable.php attempts to steal users’ cookies if you have five or more users. I should imagine further analysis of pluggable.php may yield additional code, but until then watch this space!
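An added example (not from the original post and not anything WordPress itself ships) of the kind of check worth doing after a scare like this: hash every file in an install and compare it with a manifest built from a known-good copy of the same release, so that an altered pluggable.php or a stray extra file stands out. The directory layout, file contents and the "installed" copy below are constructed placeholders, and the comparison logic is my own.

```python
import hashlib
import tempfile
from pathlib import Path

# Constructed stand-in for a clean release tree (not real WordPress source).
REFERENCE_FILES = {
    "wp-includes/pluggable.php": "<?php\n// reference pluggable.php (constructed sample)\n",
    "wp-includes/version.php": "<?php\n$wp_version = '2.6.3';\n",
    "index.php": "<?php\nrequire 'wp-blog-header.php';\n",
}

# Constructed stand-in for a live install: pluggable.php differs from the
# reference and an unexpected file has appeared under wp-content.
INSTALLED_FILES = {
    "wp-includes/pluggable.php": "<?php\n// reference pluggable.php (constructed sample)\n"
                                 "// extra lines not present in the release (constructed)\n",
    "wp-includes/version.php": "<?php\n$wp_version = '2.6.3';\n",
    "index.php": "<?php\nrequire 'wp-blog-header.php';\n",
    "wp-content/uploads/stray.php": "<?php\n// unexpected file (constructed)\n",
}


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large files do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map every file under root (relative POSIX path) to its SHA-256 digest."""
    manifest = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            manifest[path.relative_to(root).as_posix()] = sha256_file(path)
    return manifest


def compare_install(reference: dict, installed: dict) -> dict:
    """Report files whose hash differs, files missing from the install,
    and files present in the install but absent from the release."""
    modified = sorted(p for p in reference if p in installed and installed[p] != reference[p])
    missing = sorted(p for p in reference if p not in installed)
    unexpected = sorted(p for p in installed if p not in reference)
    return {"modified": modified, "missing": missing, "unexpected": unexpected}


def write_tree(root: Path, files: dict) -> None:
    """Materialise a dict of relative path -> content on disk (for the demo only)."""
    for rel, content in files.items():
        dest = root / rel
        dest.parent.mkdir(parents=True, exist_ok=True)
        dest.write_text(content)


def run_demo() -> dict:
    """Build both constructed trees in a temp dir and return the comparison report."""
    with tempfile.TemporaryDirectory() as tmp:
        ref_root = Path(tmp) / "reference"
        inst_root = Path(tmp) / "installed"
        write_tree(ref_root, REFERENCE_FILES)
        write_tree(inst_root, INSTALLED_FILES)
        return compare_install(build_manifest(ref_root), build_manifest(inst_root))


if __name__ == "__main__":
    for kind, paths in run_demo().items():
        print(f"{kind}: {paths}")
```

On a real install you would point `build_manifest` at the unpacked official archive and at the live document root, and treat anything in `modified` or `unexpected` as something to read before deciding whether it belongs there (legitimate plugins and uploads will show up as unexpected too, so the reference manifest should be built from the same release plus whatever you knowingly added).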

Anyway, all was well with my blogs, but it does make you think: always double check the URL of the links that you are clicking on. Are they what they appear to be?!
