Attack of the WordPress worm - SQL Injection
Posted by Jason Remillard on Wed, Jan 20, 2010 @ 07:39 AM
Just about every single entity involved in a computer has updates. Whether it’s the newest software version of Firefox or the newest graphics driver for your computer. We all know this can get annoying… every few minutes another application is telling me I should update it and sometimes you can just forget to, or decide not to… but then there are often downsides of that.
WordPress recently announced that if you do not have the newest version (or second newest version) you could be vulnerable to the latest worm. This one actually has the ability to register a new user which hides itself and later edits permalinks in order to hide spam and malware inside your old posts.
So make sure that you have the latest version of WordPress, you can check by going to “Tools” and then “Upgrade” and it will tell you whether it’s the latest or not. If you don’t have the latest version, update and check all of your old links immediately.
Updating can be a hassle and keeping up with all those applications can be an annoyance. At least you always know that you don’t have to worry about updating your security services here with us — here at SSM we are updating our scanners and pattern matchers every day to ensure that you have the best protection.
SOURCE: http://www.net-security.org/malware_news.php?id=1103