Cheshire Cat Photo Blog(...said the Cat: 'we're all mad here....')

Matt Mullenweg, a founding developer of WordPress, has discussed a worm that can post malware and spam to some WordPress blogs using outdated versions of the WordPress software.

The vulnerability was discovered on August 11, when WordPress urged users to update to version 2.8.4! (Yes, this blog is running 2.8.4.) Many people have yet to upgrade, and meanwhile, the worm is chomping away.

Mullenweg described the actions of the worm: “it registers a user, uses a security bug (fixed earlier in the year) to allow evaluated code to be executed through the permalink structure, makes itself an admin, then uses JavaScript to hide itself when you look at users page, attempts to clean up after itself, then goes quiet so you never notice while it inserts hidden spam and malware into your old posts.”

CNET says that, “The worm does not affect the current version 2.8.4 and the one prior to it. And it only affects people who host their own WordPress blog. Blogs hosted on WordPress.com are unaffected.”

Upgrade instructions and links are here. If you think your blog has been attacked, here is a WordPress FAQ for you.

-Bill at Cheshire Cat Photo™

You can view higher-resolution photos (*generally* 7-30 megabytes, compressed) at the Cheshire Cat Photo™ Pro Gallery on Shutterfly™, where you can also order prints and gifts decorated with the photos of your choice from the gallery. Apparel and other gifts decorated with some of our most popular photos can be ordered from the Cheshire Cat Photo™ Store on CafePress®. Both Shutterfly™ and CafePress® ship to most international locations worldwide! If you don’t see what you want or would like to receive an email when new photos are up on the site, send us an email at info@cheshirecatphoto.com.