WordPress, one of the most popular free blogging platforms available on the Web, has informed users of an unfixed bug in its older installations that poses a potential security threat to a user's blog or website, even leaving it open to a hack attack.
The attacks take the form of spam blog comments on one or several blog posts, with cleverly disguised links to malware-infested websites. And although the worm tries to hide its tracks on an infected blog, it isn't able to do so entirely. WordPress has explained that as this worm works its way through blog posts, leaving comments, it tends to leave behind broken links of infected blog posts, due to poor coding, thus revealing itself to the blog admin.
This is what WordPress has to say on the issue:
"The tactics are new, but the strategy is not. Where this particular worm messes up is in the 'clean up' phase: it doesn't hide itself well and the blogger notices that all his links are broken, which causes him to dig deeper and notice the extent of the damage.
"WordPress has asked bloggers all over who use the popular Web publishing software to immediately update their WordPress software to the latest 2.8.4 version. Upgrading to the latest version is much simpler and more hassle-free than trying to fix a hacked blog."