Just when you thought it was safe to blog

Fake site punts Trojanised WordPress • The Register

The fake Wordpresz.org site offered up what purports to be version 2.6.4 of the open source blogging tool. In reality all but one of the files are identical to the latest pukka (2.6.3) version of WordPress.

The crucial difference comes in the form of a Trojanised version of pluggable.php, according to Sophos virus researcher Paul Baccas. Sophos detects the malicious code as WPHack-A Trojan.

“The new PHP contains call backs to the Fake WordPress site and looks to be stealing credentials,” Baccas reports.

One is, of course, shocked, shocked to learn that the registrar is EstDomains…

Sometimes I think registrars should be on the hook when they take money to register domains that could pretty much only be used for fraud. For example, what was register.com thinking when they took money for “yahoomarketingadui.com” with all contact information anonymized? Did they really imagine someone wouldn’t use it for phishing email?

Yeah, I know. Horizon-spanning herd of horses, barn door.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: