funsec mailing list archives

Hey Guyz! We n33d to upgradez to 2.6.4 on S3cu4iT3am to be l33t!


From: "Rob, grandpa of Ryan, Trevor, Devon & Hannah" <rMslade () shaw ca>
Date: Fri, 7 Nov 2008 10:31:21 -0800

Fraudsters have set up a fake site featuring a backdoored version of the WordPress 
blogging application. The fake Wordpresz.org site offered up what purports to be 
version 2.6.4 of the open source blogging tool. In reality all but one of the files 
are identical to the latest proper (2.6.3) version of WordPress. The difference 
comes in the form of a Trojanised version of pluggable.php, according to a Sophos 
virus researcher. Sophos detects the malicious code as WPHack-A Trojan. The 
issue came to light via a posting by a blogger who reports that he received a "High 
Risk Vulnerability Warning" from the spoofed WordPress domain when he logged 
into his admin account. It looks like sites which have not upgraded to 2.6.3 are 
being exploited in a way where a hacker, probably using an automated script, 
hacks into sites with the vulnerability and changes the settings of one of the 
dashboard modules to point to a different feed, encouraging people to go to a 
different site which offers a dodgy upgrade. The fake site attack represents a rare 
but not unprecedented attack on users of the open source blogging package.

 http://www.theregister.co.uk/2008/11/06/trojanised_wordpress/ 

======================  (quote inserted randomly by Pegasus Mailer)
rslade () vcn bc ca     slade () victoria tc ca     rslade () computercrime org
More computing sins are committed in the name of efficiency than
for any other single reason--including blind stupidity.
                                                   - William A. Wulf
victoria.tc.ca/techrev/rms.htm blogs.securiteam.com/index.php/archives/author/p1/

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
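The tell in the story above is that the bogus package was byte-for-byte the genuine 2.6.3 release apart from one file, wp-includes/pluggable.php. That is exactly the kind of tampering a file-by-file hash comparison against the official release archive catches, whatever a "High Risk Vulnerability Warning" in the dashboard says. The script below is an added example, not code from the original post, from Sophos or from the WordPress project: it hashes every file in two unpacked trees (the one you trust, fetched from wordpress.org, and the one you were lured into downloading) and reports files that were modified, added or removed. The sample trees, file names and the one-line "backdoor" appended to the suspect pluggable.php are constructed for the demo and are not the real WPHack-A code.

```python
import hashlib
import os
import sys
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large archives do not load into memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def tree_hashes(root: Path) -> dict:
    """Map each regular file under root (relative, '/'-separated) to its SHA-256."""
    out = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            rel = str(p.relative_to(root)).replace(os.sep, "/")
            out[rel] = sha256_file(p)
    return out


def compare_trees(official: Path, suspect: Path) -> dict:
    """Diff a suspect unpacked release against the official one.

    Returns sorted lists of paths that differ in content ('modified'), exist only
    in the suspect tree ('added') or exist only in the official tree ('missing').
    Any non-empty list means the download is not the release it claims to be.
    """
    a = tree_hashes(official)
    b = tree_hashes(suspect)
    return {
        "modified": sorted(k for k in a.keys() & b.keys() if a[k] != b[k]),
        "added": sorted(b.keys() - a.keys()),
        "missing": sorted(a.keys() - b.keys()),
    }


def build_sample_trees() -> tuple:
    """Constructed demo input: two tiny stand-ins for an unpacked WordPress tree.

    The file contents are placeholders, not real WordPress source. Only the
    suspect copy of wp-includes/pluggable.php is altered, mirroring the
    Wordpresz.org package described in the article.
    """
    base = Path(tempfile.mkdtemp(prefix="wp-compare-"))
    official = base / "wordpress-official"
    suspect = base / "wordpress-suspect"
    files = {
        "wp-includes/pluggable.php": "<?php\nfunction wp_mail() { /* placeholder */ }\n",
        "wp-includes/version.php": "<?php\n$wp_version = '2.6.3';\n",
        "wp-login.php": "<?php\n// placeholder login page\n",
    }
    for rel, body in files.items():
        for root in (official, suspect):
            p = root / rel
            p.parent.mkdir(parents=True, exist_ok=True)
            p.write_text(body)
    # Constructed backdoor marker, not the real WPHack-A payload.
    (suspect / "wp-includes/pluggable.php").write_text(
        files["wp-includes/pluggable.php"] + "// constructed backdoor hook\n"
    )
    return official, suspect


def main(argv: list) -> int:
    if len(argv) == 3:
        official, suspect = Path(argv[1]), Path(argv[2])
    else:
        official, suspect = build_sample_trees()
    report = compare_trees(official, suspect)
    for kind in ("modified", "added", "missing"):
        for rel in report[kind]:
            print(f"{kind:9s} {rel}")
    tampered = any(report.values())
    print("RESULT:", "package differs from official release" if tampered else "identical")
    return 1 if tampered else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it with no arguments to see the constructed demo flag wp-includes/pluggable.php, or pass two unpacked directories (official first, suspect second) to check a real download. Note that this compares against a copy you already trust; it does not replace checking the checksum or signature that the vendor publishes for the archive itself.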
