Bloggers and site owners using the WordPress content management system are being advised to upgrade to the latest version of the software after a worm was found to be affecting downloaded versions of the system.
According to a statement from WordPress, a worm is currently exploiting a security hole in the software in an attempt to distribute spam and links to numerous forms of malware, including fake antivirus software.
“The tactics are new, but the strategy is not. Where this particular worm messes up is in the “clean up” phase: it doesn’t hide itself well and the blogger notices that all his links are broken, which causes him to dig deeper and notice the extent of the damage.”
Users running downloaded versions of the open source CMS for a self-hosted site or blog have been advised to upgrade to WordPress 2.8.4, a version which includes a patch that closes this security flaw. Bloggers who use the online version of WordPress at www.wordpress.com are unaffected by the threat, although experts would advise users to back up their posts if possible.
WordPress has also taken the opportunity to remind users that an upgrade could save the considerable time needed to repair a blog after a security breach, writing: “A stitch in time saves nine. I couldn’t sew my way out of a bag, but it’s true advice for bloggers as well – a little bit of work on an upgrade now saves a lot of work fixing something later.”