SQL attack on WordPress blogs 2.9.2 at Network Solutions

A large number of WordPress blogs running 2.9.2, and hosted on Network Solutions are getting infected with malware. “The malware modifies "siteurl" inside "wp-option" table to point to http://networkads.net/grep/, breaking the site layout completely. None of them’re using “same plugins” or “same themes”. Some of them even have wp-admin access blocked to only a few […]

A large number of WordPress blogs running 2.9.2, and hosted on Network Solutions are getting infected with malware. “The malware modifies "siteurl" inside "wp-option" table to point to http://networkads.net/grep/, breaking the site layout completely. None of them’re using “same plugins” or “same themes”. Some of them even have wp-admin access blocked to only a few IPs and via htpasswd password,” reports Sucuri. In compromised sites, this setting is changed to point to a malicious website. This redirects all would-be blog readers to the said website, which contains scripts leading to a malicious file detected by Trend Micro as TROJ_BUZUS.ZYX. Network Solutions stated that it’s aware of the issue, and they’re investigating the issue and checking to see if a WordPress theme or plug-in was responsible,” report Trend Micro. To fix this issue, just revert your siteurl back to the previous value. Log in to your control panel, go to manage database, and edit the siteurl value on the wp-option table. Refer this post for more information on affected users.