A Virus is embedding malware into WordPress powered websites:

Several of our client websites have been hacked this week.  We discovered yesterday that they are attacking WordPress sites because of a vulnerability in the program—this has been addressed and a new version of WordPress is now available. Version 2.9.2. is the most recent version as of today May 18, 2010.

My team at Monkey C Media has spent the last two days scanning all of our client sites for any sign of this virus.  Luckily only three of our sites were hacked.   We were able to remove the malware without losing any content.

Who is Affected?

These hackers are not just attacking WordPress powered sites.  They are injecting malware into PHP files.  So, this means if you have a Drupal, Joomla, OsCommerce, or any other site that uses PHP files, you could be their next victim.

What should you do?

1. Upgrade your respective software to the most recent version.
2. Scan your site for alien files.  You can contact your webmaster, or even your hosting service (like GoDaddy for example), or do it yourself.
3. Check your Users menu to make sure that no alien users have been created in your back-end that a hacker could use later after everything has been fixed—then it would start all over again.
4. Change your password.  Make sure that you choose something that has a minimum of 8 digits including upper and lower case letters, numbers, and symbols.
5. Ensure that your theme still works seamlessly, and that your plug-ins and SEO data still work properly
6. Install a backup feature on your site if you do not already have one and start backing up your content regularly
7. For those of  you who love to read as much as possible and can handle the jargon, read this WordPress article about securing your blog site

What could happen?

This particular virus is creating links within your site that will in turn link back to the hacker’s site thereby driving traffic and further improving their rankings.  Google has been said to sandbox a site with malware because of the obvious risk to security.

What others have to say:

If you would like to learn more about this nasty virus, please follow the below links:

Here’s what GoDaddy has to say on the subject
Here’s what people are saying on WordPress Forums