November 6, 2006 6:34 AM PST
Wikipedia used to spread malicious code
- Related Stories
Another denial-of-service bug found in Firefox 2November 1, 2006
Microsoft blocks 'Black Hat' Vista hackOctober 20, 2006
Wikipedia co-founder plans 'expert' rivalOctober 16, 2006
Newmark reflects on the power of the WebSeptember 22, 2006
Wiki site aims to boost patent review processAugust 28, 2006
The entry for the MSBlast worm in the German version of the popular online encyclopedia was altered to include false information about a new version of the Lovesan/MSBlast worm, with links to a supposed fix, according to Sophos. The fix was actually a piece of malicious code, the antivirus vendor said in a notice published Friday.
It's not clear how long the vandalized page was live, but the editors of Wikipedia.de moved quickly to delete the links once they were discovered.
However, because Wikipedia archives old versions of articles, the hackers were still able to send links to the archived entry through a mass-mailed e-mail. This e-mail purported to be from Wikipedia, and directed German users to the fraudulent Lovesan/MSBlast entry. Because the e-mails linked to a legitimate Web site, they were able to bypass some antispam solutions, Sophos reported on Friday.
"The good news is that the authorities at Wikipedia quickly identified and edited the article on their site," Graham Cluley, senior technology consultant at Sophos, said in a statement. "Unfortunately, however, a version of the page remained in the archive, allowing the hackers to send out spam and continue to direct visitors to the malicious code."
Wikipedia confirmed that it has now permanently erased all versions of the page, according to German news site Heise Online.
Tom Espiner of ZDNet UK reported from London.