WordPress warns that a worm has been making the rounds of the old versions of its platform.
Blog writers who didn’t get around to upgrading their versions remained vulnerable to the attack of worm that “hijacks” their blog without them knowing and inserts spam and malware into old posts.
The signs that that has happened are:
- Links don’t work. There are additions to the permalinks containing the expressions “eval” and “base64_decode.”
- In the site users list there is more than one – another “admin” or some other name.
WordPress urges everybody to update, since the current version and the one before that (2.8.4 and 2.8.3) are impervious to this worm. They also ask you to warn those you know or read that they should update, too.