Don’t mistype “wordpress.org” because you could end up downloading compromised code. Some hackers have set up www.wordpresz.org. The code sends cookie contents to a hacked program hosted on wordpresz.org and could expose passwords and other identifying information.
UPDATE - Looks dead now.
The backdoored pluggable.php file attempts to send the stolen data to wordpresz.org/tuk.php which is still accepting cookies if the requests are properly formatted. The spoof is a nearly perfect combination of social engineering, typosquatting and the natural EstDomains connection as the domain registrar, nearly perfect in the sense that they couldn’t duplicate the whole WordPress.org potentially raising suspicion at the end user’s end.
The site is on the same IP address as a fake pharmacy site, proving that scammers always ring twice.
Site’s already gone.
Site is gone, that’s quick.
Sometimes there r downsides to opensource…
How is this an downside to open source? It requires the victim to download a compromised build from a fake site, one which is much more difficult to type than the original - had it been on wordrpess.org or wodrpress.org, it may have been more damaging.
On another note, how difficult is it to type out the word ‘are’? Using ‘r’ and ‘u’ as words makes it that much easier to dismiss your comments as nonsense.
Very funny. .Please remove the link on TC.
Remove that hyper link..
tks, Nag
Really funny………..
These sites are cybesqautting sites try to earn money by putting banners similar to popular site but this one very harmful
I really like how there is a convenient link.
And this is called phishing. Always take careful attention with our own typing on keyboard. And up to date anti virus, don’t forget this one.
This is funny and dangerous.
Ugh…how evil. I’m glad it was taken down quickly.
This post wouldn’t have been half as funny if it didn’t have a easy-to-click link, right there. Nice security means.