WordPress malware spreading —Sophos

WordPress users, watch out: a new malware is now injecting itself into WordPress installations. Computer security firm Sophos said the virus “Mal/Badsrc-C" is found in the file index.html, planted in such a way it would show itself only on Microsoft’s Internet Explorer browser. “This hack appears to be widespread and website owners need to be vigilant," Sophos’ Paul Baccas said in a blog post. Baccas said an analysis of the virus showed the malicious code will only be served if the user agent is Internet Explorer. He said an initial investigation showed malicious code managed to inject itself into the PHP code used on some websites running WordPress. “(This means that) if you visit them when running Internet Explorer you could be exposing yourself to a malware attack," he said. But what is not yet clear for now is exactly how the malicious code managed to embed itself on the website, although it was most probably via compromised FTP credentials, he said. “If you run a site which uses WordPress you would be wise to ensure that your passwords are chosen carefully (not dictionary words, and not easy to guess) and that you are not using the same credentials on any other websites. If you think it’s possible that your password details may have been stolen - or if you use the same passwords elsewhere on the internet - change them immediately," Baccas said. Also, he said WordPress users should regularly audit the code on your site to ensure that there have not been any unauthorized changes. — TJD, GMA News