Tuesday, May 18, 2010

Widespread attacks continue against WordPress sites

Owners of self-hosted WordPress based websites should make sure that their FTP and wordpress passwords are secure. Also review your WordPress installation to make sure that it is up to date. The current version is 2.9.2. Sites hosted on WordPress.com are not affected.

Intruders in recent weeks have hacked a large number of websites created through the WordPress blogging platform to spread malware, with another major campaign launched on Thursday, security researchers said.

In addition to WordPress blogs, websites created with other PHP-based platforms, including the Zen Cart eCommerce solution, were affected by the attacks, Regina Smola, co-founder of WPSecurityLock, a provider of WordPress security services, told SCMagazineUS.com on Tuesday.

Attackers injected malicious JavaScript into the sites, causing visitors to be redirected to scareware domains that attempted to trick users into installing a virus, she said.