WordPress users who have not already upgraded to the latest version (2.8.4) are vulnerable to a serious, active security threat. Respected WordPress blogger Lorelle explains that there are two clues to look for to see whether your WordPress blog has already been attacked.
Here’s what she says:
There are strange additions to the pretty permalinks, such as example.com/category/post-title/%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/. The keywords are “eval” and “base64_decode.”
The second clue is that a “back door” was created by a “hidden” Administrator. Check your site users for “Administrator (2)” or a name you do not recognize.
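The two clues above can be checked mechanically. The script below is an added example, not code from Lorelle or from WordPress: it flags permalinks that contain the "eval"/"base64_decode" markers (after percent-decoding, since the injected string is URL-encoded) and lists administrator accounts that are not on a roster you recognise. The user tuples and permalinks are constructed sample data.

```python
import re
from urllib.parse import unquote

# The tell-tale markers Lorelle names in a tampered pretty permalink.
SUSPICIOUS_TOKENS = ("eval(", "base64_decode(")


def is_tampered_permalink(url: str) -> bool:
    """Return True if a permalink carries injected PHP eval markers.

    The injected string is percent-encoded (%7B, %5B, ...), so decode
    repeatedly (bounded) until the text stops changing before matching.
    """
    decoded = url
    for _ in range(3):
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    lowered = decoded.lower()
    return any(tok in lowered for tok in SUSPICIOUS_TOKENS)


def unexpected_admins(users, known_admins):
    """Return administrator logins the site owner does not recognise.

    `users` is an iterable of (login, display_name, role) tuples, e.g. an
    export of the WordPress Users screen; `known_admins` is the set of
    logins you created yourself. Display names like "Administrator (2)"
    are flagged too, since that is the second clue on the page.
    """
    flagged = []
    for login, display, role in users:
        if role != "administrator":
            continue
        if login not in known_admins or re.search(r"\(\d+\)\s*$", display):
            flagged.append(login)
    return flagged


# Constructed sample data (not taken from any real site).
SAMPLE_PERMALINKS = [
    "https://example.com/category/post-title/",
    "https://example.com/category/post-title/%&(%7B$%7Beval(base64_decode"
    "($_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/",
]
SAMPLE_USERS = [
    ("alice", "Alice", "administrator"),
    ("admin2", "Administrator (2)", "administrator"),
    ("bob", "Bob", "editor"),
]

if __name__ == "__main__":
    for link in SAMPLE_PERMALINKS:
        print("TAMPERED" if is_tampered_permalink(link) else "ok", link)
    print("unexpected admins:", unexpected_admins(SAMPLE_USERS, {"alice"}))
```

Run it against an export of your own permalinks and users; anything it flags deserves a manual look in the dashboard before you upgrade.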
We strongly recommend that self-hosted WordPress bloggers who are not already running the most up-to-date version update their WordPress software as soon as possible.
WordPress.com blogs
If your blog is hosted at WordPress.com, it will be fine: blogs hosted at WordPress.com auto-update to the most recent software build and are therefore not vulnerable to this particular attack.
At the time of writing, Automattic (the owners of WordPress) have not commented on the threat. If you have any additional news regarding this, please share it in the comments section.
UPDATE:
Here’s some great advice from WordPress.org regarding this issue.