The Mac Security Blog

Fake Version of WordPress CMS Software Circulating

A fake version of WordPress, the popular website content management system (CMS), has been found in the wild. This fake release, labelled as a non-existent version 2.6.4, contains a Trojan horse which, according to reports, “contains call backs to the Fake WordPress site and looks to be stealing credentials.”

The fake version relies on a likely spelling or typing error: it is served from wordpresz.org (note the “sz” at the end) rather than the real wordpress.org. One of WordPress’s lead developers, Peter Westwood, told The Register:

It looks like sites which have not upgraded to 2.6.3 are being exploited in an interesting way whereby a hacker, probably using an automated script, is hacking into sites with the vulnerability and changing the settings of one of the dashboard modules to point to a different feed thereby encouraging people to go to a different site which is offering a dodgy upgrade.

All users of WordPress should check their sites and make sure they haven’t been tricked into upgrading to version 2.6.4. If you have been stung, this article tells you how to clean up the mess.
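One way to run the check the post recommends, added here as an example and not code from the blog or the WordPress project: it reads the version string from wp-includes/version.php and scans the site's stored options for the typo-squatted domain, flagging the non-existent 2.6.4 build, an unpatched pre-2.6.3 install, and any setting (such as a dashboard feed) that has been pointed at wordpresz.org. The sample version.php and the option name/serialized value below are constructed for the demo.

```python
import re

# Indicators taken from the post: 2.6.4 was never released, 2.6.3 is the
# patched release, and wordpresz.org is the fake download site.
FAKE_VERSION = "2.6.4"
PATCHED_VERSION = (2, 6, 3)
TYPOSQUAT_DOMAIN = "wordpresz.org"

# wp-includes/version.php declares the installed version as $wp_version = '...';
_VERSION_RE = re.compile(r"\$wp_version\s*=\s*['\"]([^'\"]+)['\"]")


def parse_wp_version(version_php: str):
    """Return the version string declared in version.php, or None if absent."""
    m = _VERSION_RE.search(version_php)
    return m.group(1) if m else None


def version_tuple(version: str) -> tuple:
    """Turn '2.6.3' into (2, 6, 3) so versions compare numerically."""
    return tuple(int(p) for p in re.findall(r"\d+", version))


def audit_install(version_php: str, options: dict) -> list:
    """Return human-readable findings; an empty list means nothing suspicious.

    `options` is assumed to be the wp_options table read as {option_name: option_value};
    values may be raw PHP-serialized strings, which is why a substring scan is used.
    """
    findings = []
    version = parse_wp_version(version_php)
    if version is None:
        findings.append("could not read $wp_version from version.php")
    elif version == FAKE_VERSION:
        findings.append(f"version {version} does not exist: trojaned download suspected")
    elif version_tuple(version) < PATCHED_VERSION:
        findings.append(f"version {version} is older than 2.6.3 and exposed to the exploited bug")
    for name, value in options.items():
        if TYPOSQUAT_DOMAIN in str(value).lower():
            findings.append(f"option {name!r} references {TYPOSQUAT_DOMAIN}: dashboard feed likely tampered")
    return findings


# Constructed sample input: a site that took the fake upgrade and whose
# dashboard news widget (option name assumed) now points at the fake domain.
SAMPLE_VERSION_PHP = "<?php\n$wp_version = '2.6.4';\n"
SAMPLE_OPTIONS = {
    "siteurl": "http://example.test",
    "dashboard_widget_options": 'a:1:{s:19:"dashboard_secondary";a:2:{s:4:"link";'
                                's:26:"http://wordpresz.org/news/";s:3:"url";s:26:"http://wordpresz.org/feed/";}}',
}

if __name__ == "__main__":
    for line in audit_install(SAMPLE_VERSION_PHP, SAMPLE_OPTIONS):
        print("FINDING:", line)
```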
