Outdated WordPress Blogs Under Attack


Last week a new worm started spreading that exploits a security vulnerability in older versions of WordPress. It affects only self-hosted WordPress blogs (not blogs hosted on WordPress.com), and only those not running the most current version of WordPress (2.8.4).

The worm typically places executable code within the permalink structure for a blog and also creates an “invisible” admin for the blog that you can’t delete from the WordPress control panel.
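Both symptoms can be checked from database values rather than from the control panel. The following is an added example, not code from the original post: it assumes the `permalink_structure` option and the `wp_usermeta` capabilities rows have been exported as Python values, and the sample rows, the injected string and the function names are constructed for illustration.

```python
import re

# Documented permalink structure tags; add any others your site legitimately uses.
ALLOWED_TAGS = ("%year%", "%monthnum%", "%day%", "%hour%", "%minute%",
                "%second%", "%post_id%", "%postname%", "%category%", "%author%")

def permalink_anomalies(structure):
    """Return path segments that contain anything besides known tags and plain text."""
    anomalies = []
    for segment in structure.split("/"):
        rest = segment
        for tag in ALLOWED_TAGS:
            rest = rest.replace(tag, "")
        # What remains after removing known tags must be ordinary path characters.
        if not re.fullmatch(r"[A-Za-z0-9_.\-]*", rest):
            anomalies.append(segment)
    return anomalies

def admin_user_ids(usermeta_rows):
    """Collect user IDs whose capabilities meta value grants the administrator role."""
    ids = set()
    for user_id, meta_key, meta_value in usermeta_rows:
        # The key is "<table prefix>capabilities"; the value is a PHP-serialized array.
        if meta_key.endswith("capabilities") and '"administrator"' in meta_value:
            ids.add(user_id)
    return sorted(ids)

def unexpected_admins(usermeta_rows, known_admin_ids):
    """Administrators present in the database that the site owner does not recognise."""
    return [uid for uid in admin_user_ids(usermeta_rows) if uid not in known_admin_ids]

# Constructed sample data (not taken from a real infection).
SAMPLE_CLEAN = "/%year%/%monthnum%/%postname%/"
SAMPLE_INJECTED = "/%year%/%monthnum%/%postname%/${constructed_injected_code}/"
SAMPLE_USERMETA = [
    (1, "wp_capabilities", 'a:1:{s:13:"administrator";b:1;}'),
    (2, "wp_capabilities", 'a:1:{s:10:"subscriber";b:1;}'),
    (7, "wp_capabilities", 'a:1:{s:13:"administrator";b:1;}'),
    (7, "nickname", "constructed-user"),
]

if __name__ == "__main__":
    print("permalink anomalies:", permalink_anomalies(SAMPLE_INJECTED))
    print("unexpected admins:", unexpected_admins(SAMPLE_USERMETA, {1}))
```

Any flagged segment or unrecognised administrator ID is a reason to inspect the site, not proof of this particular worm.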

If your blog is hit by this worm, the fix involves some cleanup and detective work, along with installing the latest version of WordPress. More information about this attack, and how to fix things if your blog is hit, is here:

How to know if you’ve been hacked

Attack overview

WordPress FAQ on hacked blogs

WordPress upgrade instructions
