Social Engineering and FAKE WP 2.6.4 (5 posts)

  1. eagano
    Member
    Posted 13 years ago #

    I don't think many in this forum will fall for the latest social engineering trick, and it's for standalone not MU, but I wanted to mention it.

    There is a fake WordPress 2.6.4 out there now, that backdoors cookie contents on successful login to a webserver for later compromise. It appears that the site has been taken down for now.

    The offending site (typo squatting): http://www.wordpresz.org

    See the screenshots:
    http://blogs.zdnet.com/security/?p=2129

    Also from the WP forums:
    http://wordpress.org/support/topic/214908

    Not sure how they managed to inject the upgrade alert into the dashboard feeds. Seems like it might be a Windows-based DNS attack. Why bother 'forcing' the upgrade if they have already poisoned DNS?

  2. eagano
    Member
    Posted 13 years ago #

    Update:

    The site has been shut down. The attack apparently relied on a known, but since fixed, exploit that allowed changes to Dashboard feeds via script attacks. There are now Dashboard articles warning of the fake site.

    http://westi.wordpress.com/2008/11/06/wordpresz/
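
A defender-side check for the typosquat described in the first post and the feed injection mentioned in the update, as an added example (Python, not code from this thread or from WordPress): it flags dashboard feed links whose host is not wordpress.org and marks close misspellings such as wordpresz.org as lookalikes. The trusted domain, the edit-distance threshold of 2 and the sample feed entries are assumptions constructed for this example.

```python
from urllib.parse import urlparse

# Assumed legitimate domain for WordPress downloads and dashboard feeds.
TRUSTED_DOMAIN = "wordpress.org"


def _levenshtein(a: str, b: str) -> int:
    """Edit distance between two strings (insert, delete, substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable_domain(url: str) -> str:
    """Hostname of the URL, lowercased, without a trailing dot or leading 'www.'."""
    host = (urlparse(url).hostname or "").lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


def classify_url(url: str) -> str:
    """Return 'trusted', 'lookalike' (likely typosquat) or 'untrusted'."""
    domain = registrable_domain(url)
    if domain == TRUSTED_DOMAIN or domain.endswith("." + TRUSTED_DOMAIN):
        return "trusted"
    # Compare only the last two labels (e.g. 'wordpresz.org') with the trusted domain,
    # so 'wordpress.org.example.net' is judged by 'example.net', not by its prefix.
    candidate = ".".join(domain.rsplit(".", 2)[-2:])
    if _levenshtein(candidate, TRUSTED_DOMAIN) <= 2:
        return "lookalike"
    return "untrusted"


def flag_feed_items(items):
    """Return (title, link, verdict) for every item whose link is not trusted."""
    flagged = []
    for title, link in items:
        verdict = classify_url(link)
        if verdict != "trusted":
            flagged.append((title, link, verdict))
    return flagged


# Constructed sample feed items, modelled on the fake 2.6.4 upgrade alert in this thread.
SAMPLE_FEED = [
    ("WordPress 2.6.3 released", "https://wordpress.org/news/example-post/"),
    ("Upgrade to WordPress 2.6.4 now!", "http://www.wordpresz.org/"),
    ("Plugin roundup", "http://example.net/plugins"),
]

if __name__ == "__main__":
    for title, link, verdict in flag_feed_items(SAMPLE_FEED):
        print(f"{verdict:10} {title!r} -> {link}")
```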

  3. MrBrian
    Member
    Posted 13 years ago #

    Very clever.

  4. indojepang
    Member
    Posted 13 years ago #

    Yaiks!

  5. VentureMaker
    Member
    Posted 13 years ago #

    Watch URLs you're visiting :) Bookmarks do the job here ;)

About this Topic

  • Started 13 years ago by eagano
  • Latest reply from VentureMaker