Wikipedia used to spread malicious code
Entry in German version of online encyclopedia hijacked to direct users to malicious code, says antivirus vendor.
The entry for the MSBlast worm in the German version of the popular online encyclopedia was altered to include false information about a new version of the Lovesan/MSBlast worm, with links to a supposed fix, according to Sophos. The fix was actually a piece of malicious code, the antivirus vendor said in a notice published Friday.
It's not clear how long the vandalized page was live, but the editors of Wikipedia.de moved quickly to delete the links once they were discovered.
However, because Wikipedia archives old versions of articles, the hackers were still able to send links to the archived entry through a mass-mailed e-mail. This e-mail purported to be from Wikipedia, and directed German users to the fraudulent Lovesan/MSBlast entry. Because the e-mails linked to a legitimate Web site, they were able to bypass some antispam solutions, Sophos reported on Friday.
"The good news is that the authorities at Wikipedia quickly identified and edited the article on their site," Graham Cluley, senior technology consultant at Sophos, said in a statement. "Unfortunately, however, a version of the page remained in the archive, allowing the hackers to send out spam and continue to direct visitors to the malicious code."
Wikipedia confirmed that it has now permanently erased all versions of the page, according to German news site Heise Online.
Tom Espiner of ZDNet UK reported from London.