“The newly discovered worm is pretty sneaky to say the least. In a nutshell, it crawls the web looking for vulnerable WordPress installations, makes itself an administrator account, takes full control of the website and posts malware and spam to it. It’s also been reported that it will sometimes disable Defensio and other anti-spam plugins. It can be very hard to detect the new malicious administrator user since it hides itself from the users list using Javascript.”

Read the full story.