[wp-hackers] Evaluating impact from yesterday's Trojan'd plugins?

Alexander Concha alex at buayacorp.com
Wed Jun 22 13:02:08 UTC 2011

On Wed, Jun 22, 2011 at 2:59 PM, Doug Stewart <zamoose at gmail.com> wrote:
> Howdy all,
> I was one of the users that blindly updated one of the affected
> plugins (WPtouch). I quickly updated to the recommended clean version
> as soon as I heard about the exploit, but the descriptions of the
> attack thus far have been free of details. I'd like to know more about
> what, if any, of my site's data was compromised and how best to keep
> watch over my sites in case any follow-on exploits are attempted.
> Was it simply insertion of spam links in body content, or did it call
> home? Did it send in-flight passwords, or DB contents, or file
> locations, or did it traverse my filesystem to check for other
> potentially-vulnerable software?

It allowed php code execution.

Alexander Concha

More information about the wp-hackers mailing list