guardiantech + wordpress   5

Warning: 200,000 US-based WordPress web pages compromised by hijack injection attack >> DaniWeb
Security researchers are warning that some 30,000 WordPress websites, 85% of them based in the US, have been compromised by a mass-injection hijack attack which sees visitors to any of more than 200,000 individual pages redirected to a Trojan infected rogue AV scam.


Look for code linking to a script from rr.nu.
wordpress  security  malware 
11 weeks ago by guardiantech
Problem in Wordpress; bigger problem, doing something about it… >> Kevin Townsend
The Timthumb vulnerability is still around, despite having been reported way back in August.
wordpress  vulnerability  security  from delicious
october 2011 by guardiantech
UK Government Digital Service defends bespoke approach >> Puffbox.com
Simon Dickson: "I seemed to cause a bit of a stir a couple of weeks back, when I challenged the decision to develop a new Government [web publishing] Machine from scratch, rather than basing it on an existing third-party platform. My blog post got quite a few comments; and there were some interesting exchanges on Twitter too. And now, to the Government Digital Service team's great credit, they've written a post on their own blog, responding to the challenge."

Later, he remarks: "Or if I might paraphrase, somewhat provocatively: they're writing lots of custom code because otherwise, they'd have to write lots of custom code."
charlesarthur  wordpress  drupal  opensource  from delicious
october 2011 by guardiantech
Zero-day vulnerability in many Wordpress themes >> Mark Maunder
"The Exec summary: An image resizing utility called timthumb.php is widely used by many WordPress themes. Google shows over 39 million results for the script name. If your WordPress theme is bundled with an unmodified timthumb.php as many commercial and free themes are, then you should immediately either remove it or edit it and set the $allowedSites array to be empty."
charlesarthur  security  wordpress  from delicious
august 2011 by guardiantech
'Root-level' security incident >> WordPress.com
The wordpress.com servers suffered a "root-level" break-in where "potentially anything" on those servers could have been stolen, Matt Mullenweg admits. However, passwords are heavily encrypted, and credit card details would not have been revealed, he says.

It's getting simpler to count the sites that haven't had break-ins.
charlesarthur  wordpress  security  hacking  from delicious
april 2011 by guardiantech