Some may have noticed some annoying popups or fake computer security messages over the past couple of days. It turns out that a worm had exploited some weaknesses in WordPress and attacked self-hosted blogs on my hosting service. I thought I had it fixed yesterday but apparently did not. Since then I’ve replaced all the major system files with new versions or backups and I’m not pretty sure that the site is back to normal.
However, the nasty thing about the little script that infected the site is that if any files remain infected it will spread to the remaining good files by replicating itself to the PHP headers. Thus, if I missed any it may come back. Please let me know if it does or if any other strange behavior occurs.