We’re popular – but with the wrong people

After a lot of work, both by a few e-mails from people here and by the good services of some people on nz.comp (Google seems to be a little behind on the messages), I finally found the link to the malware site that had attached itself to the site footer.

The material that it was trying to introduce to people reading the site may include various forms of backdoors. It would be advisable to run a good virus scan on your system if you have read the site in the last couple of weeks. Corporate systems shouldn’t have had an issue, because the site it was linking to has been a well-known Chinese malware site for a long time.

The anti-virus/malware scans missed it at the server because it was a new variant of an old problem (the same one I had in March), targeted specifically at WordPress sites using what is evidently still an open vulnerability. My own checking of the site missed it because it had managed to leave all of the file attributes of the modified file (size, times, etc.) exactly the same as the originals. My attempts to see what people were reporting had failed because it only emitted the malware link periodically. A dump of the web page at the client side by Stephen Worthington allowed me to see exactly what it was doing.

The vulnerability it was exploiting was meant to have been fixed in WordPress 2.5; however, they seem to have found another vulnerability. The downside of having open source software is that it is possible to read the code looking for holes. I’ve done some things to reduce possible problems, but I now have an MD5 hash check of the files running periodically, which will fix the problem if it happens again. I’ve also reported the details to WordPress and a couple of other sites.
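The point above is that a tampered file whose size and timestamps have been restored looks untouched to a directory listing, so only a content hash catches it. The following is an added example of such a periodic hash check, not the script described in the post: it builds a baseline of hashes for a web root, re-hashes later, and reports files whose content changed. The theme path and footer contents are constructed for the demo; SHA-256 is used rather than MD5, but the algorithm is a parameter.

```python
import hashlib
import os
import shutil
import tempfile
from pathlib import Path


def hash_file(path, algo="sha256"):
    """Hash a file's full contents in chunks (metadata is deliberately ignored)."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root, algo="sha256"):
    """Map every file under root (relative POSIX path) to its content hash."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hash_file(p, algo)
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify(root, baseline, algo="sha256"):
    """Compare the current tree against a saved baseline; return what differs."""
    current = build_baseline(root, algo)
    return {
        "modified": sorted(k for k in baseline if k in current and current[k] != baseline[k]),
        "added": sorted(k for k in current if k not in baseline),
        "missing": sorted(k for k in baseline if k not in current),
    }


def demo():
    """Constructed scenario: a same-length edit to footer.php with timestamps restored."""
    tmp = Path(tempfile.mkdtemp())
    try:
        footer = tmp / "wp-content" / "themes" / "demo" / "footer.php"  # hypothetical path
        footer.parent.mkdir(parents=True)
        footer.write_bytes(b"<?php wp_footer(); /* site */ ?>\n")
        baseline = build_baseline(tmp)
        before = footer.stat()
        # Tamper: same byte length, then put the original access/modify times back.
        footer.write_bytes(b"<?php wp_footer(); /* evil */ ?>\n")
        os.utime(footer, (before.st_atime, before.st_mtime))
        after = footer.stat()
        result = verify(tmp, baseline)
        result["size_same"] = before.st_size == after.st_size
        result["mtime_same"] = before.st_mtime == after.st_mtime
        return result
    finally:
        shutil.rmtree(tmp)
```

In practice the baseline is written to a file stored outside the web root after each legitimate update, and `verify` runs from cron, alerting (or restoring from a clean copy) on any non-empty `modified`, `added` or `missing` list.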

But there are some very creative people out there writing this stuff, and evidently this site is popular with them.

Lynn
