WordPress attacks hit unpatched blog platforms
Blogs built on older WordPress software platforms are being targeted by hackers.
During the weekend, the attacks were fomented by an extremely stealthy worm, according to a post on the WordPress blog. The latest version of the popular blogging portal (2.8.4), however, is not affected.
“Right now there is a worm making its way around old, unpatched versions of WordPress,” Matt Mullenweg, WordPress founder, explained in the post Saturday.
Blogs hosted on WordPress.com are not vulnerable. The only blogs affected are those on third-party or self-hosted sites.
“To prevent this form of attack, update your WordPress site immediately to the latest version,” said Lorelle VanFossen, author of the book "Blogging Tips," in a post on her blog. “Change all passwords to a strong password immediately, including WordPress blog access for all users, database, FTP, control panels, everything.”
The malware attacks typically leave comment spam and links to malware-contaminated sites.
“The tactics are new, but the strategy is not,” Mullenweg wrote. “Where this particular worm messes up is in the ‘clean up’ phase: It doesn't hide itself well and the blogger notices that all his links are broken, which causes him to dig deeper and notice the extent of the damage.”
He added: “Where worms of old would do childish things like defacing your site, the new ones are silent and invisible, so you only notice them when they screw up (as this one did) or your site gets removed from Google for having spam and malware on it.”
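The two checks a self-hosted blog owner can run from this story are a version comparison against the 2.8.4 release the article names and a scan of post HTML for the symptoms it describes (injected links, often hidden from readers but visible to search engines, and links pointing off-site). The script below is an added illustration written for this page, not code from WordPress or from anyone quoted in the article. It assumes the real `wp-includes/version.php` layout (`$wp_version = '...'`), and the post HTML, the site hostname and the `malware-host.invalid` domain are constructed sample data.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Latest release named in the article; anything older is treated as exposed.
PATCHED_VERSION = "2.8.4"

# wp-includes/version.php declares the version as: $wp_version = '2.8.4';
VERSION_RE = re.compile(r"\$wp_version\s*=\s*'([^']+)'")

# Constructed sample: an install that was never updated past 2.8.1.
SAMPLE_VERSION_PHP = "<?php\n$wp_version = '2.8.1';\n$wp_db_version = 11548;\n"

# Constructed sample post: one internal link, one hidden injected block,
# one relative link and one off-site link that may be legitimate.
SAMPLE_POST = """
<p>Read our <a href="http://blog.example.org/about">about page</a>.</p>
<div style="display: none"><a href="http://malware-host.invalid/pharma">cheap pills</a></div>
<p>See also <a href="/archives/2009/09">last month</a> and
<a href="http://partner.example.com/news">a partner site</a>.</p>
"""


def parse_wp_version(version_php):
    """Pull the version string out of the contents of wp-includes/version.php."""
    match = VERSION_RE.search(version_php)
    if not match:
        raise ValueError("no $wp_version assignment found")
    return match.group(1)


def version_tuple(version):
    """'2.8.1' -> (2, 8, 1) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in re.findall(r"\d+", version))


def is_unpatched(installed, patched=PATCHED_VERSION):
    """True when the installed release is older than the patched one."""
    return version_tuple(installed) < version_tuple(patched)


class LinkCollector(HTMLParser):
    """Record every anchor href and whether it sits inside hidden markup."""

    CONTAINERS = ("div", "span", "p")

    def __init__(self):
        super().__init__()
        self._hidden_stack = []   # one flag per open container tag
        self.links = []           # (href, hidden) pairs in document order

    @staticmethod
    def _is_hidden(attrs):
        style = (dict(attrs).get("style") or "").replace(" ", "").lower()
        return "display:none" in style or "visibility:hidden" in style

    def handle_starttag(self, tag, attrs):
        if tag in self.CONTAINERS:
            self._hidden_stack.append(self._is_hidden(attrs))
        elif tag == "a":
            href = dict(attrs).get("href")
            if href:
                hidden = any(self._hidden_stack) or self._is_hidden(attrs)
                self.links.append((href, hidden))

    def handle_endtag(self, tag):
        if tag in self.CONTAINERS and self._hidden_stack:
            self._hidden_stack.pop()


def find_suspicious_links(post_html, site_host):
    """Flag hidden links (likely injected) and links to hosts other than the blog's own."""
    collector = LinkCollector()
    collector.feed(post_html)
    flagged = []
    for href, hidden in collector.links:
        host = urlparse(href).netloc.lower()
        if hidden:
            flagged.append((href, "hidden"))
        elif host and host != site_host.lower():
            flagged.append((href, "external"))
    return flagged


def audit(version_php, posts, site_host):
    """Combine both checks into one report for a self-hosted install."""
    installed = parse_wp_version(version_php)
    return {
        "installed": installed,
        "unpatched": is_unpatched(installed),
        "suspicious_links": [link for post in posts
                             for link in find_suspicious_links(post, site_host)],
    }


if __name__ == "__main__":
    report = audit(SAMPLE_VERSION_PHP, [SAMPLE_POST], "blog.example.org")
    print("installed %s, unpatched: %s" % (report["installed"], report["unpatched"]))
    for href, reason in report["suspicious_links"]:
        print("  %-8s %s" % (reason, href))
```

Off-site links are reported, not condemned: a blog legitimately links outward, so "external" hits are a review list, while "hidden" hits are the stronger signal because readers never see them and only search engines do.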
The advice to update is well-founded. In 2007, David Kierznowski, an information security consultant based in the U.K., did a survey of 1,000 blogs that found 49 out of 50 WordPress blogs ran exploitable versions of the software.
Attempts to reach WordPress for comment Tuesday were unsuccessful.