Hackers use German Wikipedia article to spread malware

Wikipedia, the user-driven online encyclopedia, was a victim of its open-source nature when malware writers posted a link to a malicious website in a German-language article describing a popular computer worm.

Mass spam was sent last week to German users, requesting they visit a manipulated Wikipedia article on the W32.Blaster worm.

The article misled unsuspecting users to believe that a new variant of the worm was in the wild and urged them to visit www[dot]wikipedia-download[dot]org - a bogus site not part of Wikipedia - to download a fix, a Wikipedia spokesman said. When fooled users visited this other site, their PCs became infected with some malicious code.

"It further stated that Microsoft released fixes for the new version, but because their download servers were overwhelmed by requests, Microsoft and Wikipedia made an agreement that the fixes (would be) mirrored on Wikipedia servers," Tim Bartel, a spokesman for the Wikimedia Foundation, the parent organization of Wikipedia, told SCMagazine.com today.

Wikipedia editors quickly corrected the misleading information in the article, but the German spammers used earlier, uncorrected versions of the article in their spams.

Wikipedia representatives downplayed any immediate security concerns.

"The first point I'd like to stress is that no one inserted malicious code directly into Wikipedia," Kat Walsh, a Wikipedia spokesperson, said in an email today to SCMagazine.com.

She said users are limited to "MediaWiki mark-up (language) and a limited selection of file types for direct insertion into Wikipedia."

But Sunil James, security product manager for Ann Arbor, Mich.-based Arbor Networks, told SCMagazine.com that Wikipedia will continue to present an inviting target for Web 2.0 hackers.

"It's accepted by most individuals as a de-facto encyclopedia, and it's accessible by the internet," he said.

Vinoo Thomas of McAfee Avert Labs said in a blog post today that, "As malware authors continue to improve social engineering techniques, public community sites like MySpace, Orkut (and) Wikipedia…will have to adapt and modify their policies with regards to posting and editing content."

Brad Patrick, general counsel and executive director of the Wikimedia Foundation, told SCMagazine.com today that the site's software deletes executable files. But, most of all, the site depends on the users who generate the content to safeguard it as well.

"The real strength, of course, is people looking at it," he said. "That's who we rely on as much as anyone."

Click here to email Dan Kaplan.

Sign up to our newsletters