Our comments and trackback policy You Link We Follow, You Comment We Promote

In an attempt to gain personal user and dent the name of WordPress, hackers have been busy as a www.wordpresz.org had been set up to enable users to download compromised code. Yes if you happen to mistype wordpress.org you could be in for it as this technique was done, though updates suggest that the move has been taken care of. The process is as such that the code sends cookie content to a hacked program hosted on wordpresz.org and could expose passwords and other identifying information to the seeker. Coincidentally, the site was set up on the same IP address as a fake pharmacy site. The blog I stumbled upon, explains more:

The backdoored pluggable.php file attempts to send the stolen data to wordpresz.org/tuk.php which is still accepting cookies if the requests are properly formatted. The spoof is a nearly perfect combination of social engineering, typosquatting and the natural EstDomains connection as the domain registrar, nearly perfect in the sense that they couldn’t duplicate the whole WordPress.org potentially raising suspicion at the end user’s end.