WP-Stats Virus in WordPress Blogs - How to prevent it?

A lot of people are getting infected by this WP-Stats virus in WordPress. WP-Stats is a trojan horse and is infecting a lot of bloggers using WordPress. The WP-Stats virus is mainly hitting people who are using WordPress version 2.3.3.

What does the WP-Stats virus do?

The WP-Stats virus creates a directory named “1” in your wp-content folder and creates in it a directory listing of “search engine-friendly” gambling, porn, and other illegal sites.

Where does the WP-Stats virus come from?

The WP-Stats virus comes from infected websites which are flagged by Google. I’m assuming that the plugin WP-Stats is bugged and infected as well. WP-Stats and WP-Stats 2.0 are affected for sure. According to Net Security:

“WP-Stats WordPress Plugin contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the wp-stats.php script not properly sanitizing user-supplied input to the ‘author’ variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.”

How to remove the WP-Stats virus?

Well, there isn’t a 100% solution out yet, but you should take these steps to limit the infection.

- Upgrade your WordPress to the latest version.

- Delete the folder wp-content/1 through your WordPress control panel, since it contains the trojan.

- I’m not sure whether you can access yourblog.com/wp-admin, because WP-Stats hits it too; if you can, you should remove the plugin.

- Avoid installing any new plugins.

- Try changing your theme, because there are some themes that call the script.
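
A read-only check for the indicators listed above, as an added example that is not part of the original post: it reads the version from wp-includes/version.php, lists anything inside wp-content/1, finds copies of wp-stats.php under wp-content/plugins, and flags theme templates that mention wp-stats. Searching the whole plugins folder and reading “the script” as wp-stats are assumptions; the post does not give the plugin's install path.

```python
import re
import sys
from pathlib import Path

# WordPress records its version as: $wp_version = '2.3.3';
VERSION_RE = re.compile(r"\$wp_version\s*=\s*['\"]([^'\"]+)['\"]")


def _find(root, directory, pattern):
    """Relative paths of files under directory matching pattern ([] if absent)."""
    if not directory.is_dir():
        return []
    return sorted(p.relative_to(root).as_posix()
                  for p in directory.rglob(pattern) if p.is_file())


def wp_version(root):
    """Version string from wp-includes/version.php, or None if unreadable."""
    try:
        text = (Path(root) / "wp-includes" / "version.php").read_text(errors="replace")
    except OSError:
        return None
    match = VERSION_RE.search(text)
    return match.group(1) if match else None


def audit(root):
    """Collect the indicators described in the post for one WordPress tree."""
    root = Path(root)
    content = root / "wp-content"
    dropped = content / "1"
    return {
        "version": wp_version(root),
        # The directory named "1" and whatever has been placed inside it
        "dropped_dir": dropped.is_dir(),
        "dropped_files": _find(root, dropped, "*"),
        # Copies of the wp-stats.php script named in the quoted advisory
        "plugin_scripts": _find(root, content / "plugins", "wp-stats.php"),
        # Assumption: a theme that "calls the script" mentions wp-stats in a template
        "theme_refs": [t for t in _find(root, content / "themes", "*.php")
                       if "wp-stats" in (root / t).read_text(errors="replace").lower()],
    }


if __name__ == "__main__":
    # Usage: python audit_wp.py /path/to/wordpress   (nothing is modified)
    for key, value in audit(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        print(f"{key}: {value}")
```

Run it against a copy of the site files before deleting anything, so you have a record of what was in wp-content/1.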

For more information, I would also recommend reading these blogs, which have dealt with this trojan.

JasonMorrison
Bontb

Comments

So it’s more of a plugin that is vulnerable and not WordPress itself.

There are some sites that are flagged by Google; it gives a warning before you enter. And I recommend that you shouldn’t.
WordPress’s SQL is vulnerable and the trojans can get in, yes, with the help of plugins etc.

I suggest everyone use the wassup WordPress plugin… Extremely useful!

Hey, you are talking about a very old version of WordPress, 2.3.3. 2.5.1 is out. Besides, you are not even mentioning who is getting infected, the user or the server?

Just upgrade WordPress if you still haven’t. That should solve the problem. Besides, you could use the Stats plugin that uses the wordpress.com API. That is surely safe, I guess.

Yes, I know, I actually know someone who was infected by this last week, and a lot of people are still using the old version!

That’s bad. I wonder why they are still using the old version. Probably theme compatibility?

Whatever the reason, if they do not upgrade, they are losing out on all the new features.. pity.. :(

Hi, I have WP 2.5 and still got infected. I cannot log in to admin mode anymore and am honestly quite lost. Does somebody have some help?
roderich

Thanks for this. The article you have written was so important for me. Thanks again :)

Great information for me, Thanks.
