WordPress blogs hit with mass malware attack

2010 April 12
Posted by Trevor

Hundreds of WordPress blogs, particularly those hosted by Network Solutions, have been hit with an attack that cripples the blogs and redirects visitors to a URL that loads malware. The attack has been reported by bothSucuri Security Labs and Trend Micro. It works by replacing the contents of a WordPress blog’s "siteurl" field (under wp_options) with some HTML code. That field isn’t supposed to contain HTML, so it effectively breaks the blog.

Security companies haven’t figured out how the blogs were exploited, although Sucuri says it was probably SQL injection or a database problem at Network Solutions. Network Solutions is investigating, and looking to blame a WordPress theme or plugin for the security hole, Trend Micro says. Trend Micro also has some info on the malware that the blogs are now redirecting to: it’s a known malware family called BUZUS, and antivirus software should be able to identify it.
If your blog was affected, change your siteurl back to its old value. You can find it under manage database, in the wp_option table.

[via DownloadSquad.com]

Comments are closed.