WordPresz

It seems there has recently been an attempt to distribute a trojaned version of WordPress via some form of phishing scam. The attack relied on exploiting an old version of WordPress which had not been upgraded and changing one of the dashboard feeds to point at a different site. That site was then offering a trojaned install of "WordPress 2.6.4", a version which does not exist. The site has now been shut down, so it is no longer possible to get hold of this trojaned version, but the incident does highlight the importance of upgrading when a security release is made.

As I have said in my response in the article on The Register:

We recommend that people upgrade as soon as possible when we release a security release so as to ensure they are not vulnerable to issues which will likely have exploits in the wild. Also, in the upcoming 2.7 release of WordPress we are including a built-in upgrade mechanism within WordPress which will allow people to upgrade automatically with ease.

I would, however, stress the need, with any piece of software, to check that an upgrade is real by visiting the software provider's website manually rather than relying on a link you have been provided. Otherwise, as with bank phishing scams, there is the potential for someone to trick you into doing something you didn't want to do.
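One way to put that advice into practice on the administrator's side, as an added example that is not part of the original post: audit the items a dashboard feed delivers, flagging any link whose host is not exactly the vendor's domain (so a lookalike such as wordpresz.org is caught) and any announced version number that is not in the list of releases known to exist. The feed, the official-host set and the release list are constructed for this example; adjust them for your own install.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Assumption: only wordpress.org and its subdomains announce genuine releases.
OFFICIAL_HOSTS = {"wordpress.org"}

# Assumption: releases that actually existed when the fake "2.6.4" circulated.
KNOWN_RELEASES = {"2.6", "2.6.1", "2.6.2", "2.6.3"}

# Constructed sample feed: one genuine-looking item and one typosquatted notice.
SAMPLE_FEED = """<?xml version="1.0"?>
<rss version="2.0"><channel><title>Constructed dashboard feed</title>
<item><title>WordPress 2.6.3</title><link>https://wordpress.org/download/</link></item>
<item><title>WordPress 2.6.4 security release</title><link>http://wordpresz.org/download/</link></item>
</channel></rss>"""


def host_is_official(url: str) -> bool:
    """True only for an exact official host or a subdomain of one; suffix
    tricks like wordpress.org.evil.example and typos like wordpresz.org fail."""
    host = (urlparse(url).hostname or "").lower().rstrip(".")
    return any(host == h or host.endswith("." + h) for h in OFFICIAL_HOSTS)


def extract_versions(text: str) -> set:
    """Pull dotted version numbers (e.g. 2.6.3) out of an item title."""
    return set(re.findall(r"\b\d+\.\d+(?:\.\d+)?\b", text))


def audit_feed(xml_text: str) -> list:
    """Return (title, reasons) for every item that fails a check."""
    findings = []
    for item in ET.fromstring(xml_text).iter("item"):
        title = item.findtext("title", default="")
        link = item.findtext("link", default="")
        reasons = []
        if not host_is_official(link):
            reasons.append(f"link host not official: {urlparse(link).hostname}")
        for version in sorted(extract_versions(title)):
            if version not in KNOWN_RELEASES:
                reasons.append(f"unknown release {version}")
        if reasons:
            findings.append((title, reasons))
    return findings


if __name__ == "__main__":
    for title, reasons in audit_feed(SAMPLE_FEED):
        print(f"SUSPICIOUS: {title}\n  " + "\n  ".join(reasons))
```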

About Peter Westwood
Happiness Gardener, Coder, Cat Herder, Bug Tracker, Cook and Code Dreamer

47 Responses to WordPresz

  1. George says:

    I hate people who do stuff like that. I’m lucky that I wasn’t caught by it, but still.

  2. Pingback: Trojaned WordPress Being Circulated — Javamancy

  3. Pingback: Sjeltur » Blog Archive » Fake Wordpress is going around…

  4. firedward says:

    I can’t see how people would fall for such a scam. It’s simple. Only download from WordPress.org

  5. Chip says:

    Thanks for the heads up. WordPresz sounds like Hungarian. :)

  6. Robert says:

    IMHO, the main issue in this incident is the need for a firm and final clarification for one single question: How on earth can one hijack the WP planet’s feed display at several independent blogs and inject their own message there?

    Is it safe to assume that this won’t happen to WP 2.7 automatic upgraders?

  7. @Robert: Let me be clear here: nobody hacked the Planet feed. The dashboard widget which displays the planet feed is configurable and you can change what is displayed.

    That is what has happened here: the hacker changed what was being displayed by directing it to load something different, not by hacking the planet feed itself.

  8. Pingback: Download WordPress only from WordPress.org, or else | WordPress Philippines

  9. redwall_hp says:

    WordPresz.org alone is a problem. It’s not too hard to make a typo (the z is close to the s on a qwerty keyboard) and land on a site such as that.

    Perhaps Automattic should register some misspelled domains to prevent that. Playing off the “missed the ‘s’ key” idea, you should snap-up WordPresd.org and WordPresw.org.

  10. Dirty tricks. This stuff is tough enough.

  11. Oh dang it…here’s my comment: This stuff is tough enough without some tricksters. Thanks for keeping us aware.

  12. Pingback: Rosh o Roy - » Fake site - Trojanised WordPress

  13. Pingback: Cuidado: Sitio WordPress falso - Frank Pereiro

  14. The analyst says:

    this is bad, really very bad, hope everything is normal again

  15. Pingback: Alerta: falsa web ofrece el CMS de WordPress infectado con un troyano

  16. Pingback: WordPress 2.6.4 is NOT available : Losing it[1]

  17. Pingback: Goodluck » Archives » Wordpress пытались подменить

  18. Pingback: Фалшив WordPress 2.6.4 @ Blog.Caspie.Net

  19. laforge129 says:

    Yep, I’m like you I hate it and I did a post about it Yesterday!
    Fake WordPress update 2.6.4 steals data!

  20. Pingback: Falsk WordPress at Norsk WP og WPMU

  21. Pingback: Place of Stuff » Blog Archive » Why You Should Upgrade

  22. Pingback: Você é idiota? | bernabauer.com

  23. Pingback: Top Posts « WordPress.com

  24. Pingback: WordPress Report For The Week Of November 7th 2008 : The NMP Network
