[wp-hackers] Evaluating impact from yesterday's Trojan'd plugins?

Otto otto at ottodestruct.com
Wed Jun 22 13:19:42 UTC 2011


On Wed, Jun 22, 2011 at 8:15 AM, Mike Little <wordpress at zed1.com> wrote:
> At least, I can confirm that for the wptouch backdoor as that is the only
> one I updated. I've assumed the others were the same/similar.

Different methods, but equally cleverly hidden.

To help mitigate this sort of thing, plugin committers will now get
emails for every check-in to their plugins:
http://wpdevel.wordpress.com/2011/06/22/plugin-committers-now-receive-svn-notify-emails-with/

So if something gets checked in to one of your plugins, you get an
email with the diff of what got checked in. If it's bad or if you
didn't do it or even if you're just not sure about it, you can email
security at wordpress.org so they can take a look and figure out the
issue.

-Otto

