WordPress Blogs Under Worm Attack – Upgrade to Protect Your Blog

by Todd on September 5, 2009

If you haven’t upgraded your WordPress blog to version 2.8.4, now is the time to do it. It has become mandatory because of a worm circulating that can post malware and spam to WordPress blogs running outdated versions.

The worm attacks versions of the blog software older than the current version 2.8.4 and the one just prior to it. Only people who host their own blog are affected; blogs hosted by WordPress.com are not.

The worm can be difficult to discover. It registers a user, uses a security bug (fixed earlier in the year) to get code executed through the permalink structure, makes itself an admin, then uses JavaScript to hide itself when you look at the Users page. The worm attempts to clean up after itself, then goes stealth so you never notice while it inserts hidden spam and malware into your old posts.

There are two clues that your WordPress site has been attacked:

First, there are strange additions to permalinks, such as example.com/category/post-title/%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/. The keywords are “eval” and “base64_decode.”

The second clue is that a “back door” was created by a “hidden” Administrator. Check your site users for “Administrator (2)” or a name you do not recognize.
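As an added example (not code from the original post), here is a small Python checker for the two clues above; it assumes the permalink strings come from the site's permalink setting or its access log, and that the user list was exported from the Users page. The sample inputs are constructed for the demo.

```python
"""Added example, not part of the original post: flag the two indicators
described above (the eval/base64_decode permalink and an unexpected admin).

Assumptions: permalink strings come from the site's 'permalink_structure'
option or the request-path column of its access log; the user list is
whatever the admin exported from the Users page. Sample data is constructed."""
import re
from urllib.parse import unquote

# Matches the eval(base64_decode(...)) construct after URL-decoding.
EVAL_PATTERN = re.compile(r"eval\s*\(\s*base64_decode\s*\(", re.IGNORECASE)


def is_suspicious_permalink(path: str) -> bool:
    """True if the decoded permalink or request path carries the eval marker."""
    decoded = unquote(path)
    # Decode a second time so a double-encoded path is still caught.
    decoded = unquote(decoded)
    return bool(EVAL_PATTERN.search(decoded))


def unknown_admins(users, known_admins):
    """Return administrator logins that are not in the allow-list of known admins."""
    return [u["login"] for u in users
            if u["role"] == "administrator" and u["login"] not in known_admins]


# Constructed sample data: one clean path, one carrying the permalink from the post.
SAMPLE_PATHS = [
    "/category/post-title/",
    "/category/post-title/%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/",
    "/2009/09/upgrade-now/",
]
SAMPLE_USERS = [
    {"login": "todd", "role": "administrator"},
    {"login": "Administrator (2)", "role": "administrator"},
    {"login": "guest", "role": "subscriber"},
]

if __name__ == "__main__":
    for p in SAMPLE_PATHS:
        print(("SUSPECT " if is_suspicious_permalink(p) else "ok      ") + p)
    print("Unexpected admins:", unknown_admins(SAMPLE_USERS, {"todd"}))
```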

The vulnerability was discovered on August 11, 2009, and WordPress began encouraging users to upgrade to version 2.8.4. Many people have yet to upgrade, and reports indicate the worm is spreading aggressively by the hour.

I had upgraded all of my sites except for one. When I found this out I quickly upgraded my last site; you should do the same.

I have posted an article on the steps to take during an upgrade. Follow these instructions to ensure a successful upgrade: Upgrade Your WordPress Blog Now.
