Many admins don't know that updates don't necessarily clean an infection

May 4, 2012 13:43 GMT  ·  By

Experts say that cybercriminals have found a way to abuse WordPress automatic updates to infect blogs. Two days ago there were at least 1,000 sites infected in this manner.

Unmask Parasites’ Denis Sinegubko informs that many administrators believe that if they update a compromised blog, the process will automatically clean the site. In reality, the update doesn’t necessarily remove the threat.

Moreover, in some cases these upgrades may come with a malicious element that further damages the site.

Sinegubko is currently studying these attacks, trying to find the security hole that ensures their success and how the backdoor is utilized by the hackers, but in the meantime, he offers some advice to administrators.

“Manual upgrades and upgrades via SVN are still completely safe. By the way, not only are SVN updates safe but they are also nearly as simple as automatic updates and provide built-in integrity control, so you can easily identify all changed and potentially infected code WordPress files and have them reverted to their original state,” he explained.