According to foreign media reports, the well-known blogging system WordPress recently suffered a "Li ghost", not only the website domain name was counterfeit, but also was inserted malware.
The official domain name of WordPress is WordPress.org, but a fake site Wordpresz.org has popped up, replacing the "s" in the official address with a "z". At present, the official website offers version 2.6.3 of WordPress, while the fake website has launched a new version 2.6.4.
Hackers officially use the version update to lure users, compared with 2.6.3 version, 2.6.4 only added a malicious file "pluggable.php", allowing hackers to steal user cookies, and then send these data to Wordpresz.org/tuk.php. A few days ago, Sophos, a British Internet security firm, has labeled the file as a Trojan horse "Troj/WPHack-A."
Sina Technology