Online fraudsters used a fake version of the Wikipedia's German edition to send victims to an unrelated site that attempted to compromise the visitor's computer, the company said.
(This news brief has been corrected.)
The virus appeared to be in a Wikipedia article on the MSBlast worm, also known as the Blaster worm. The online fraudsters spammed out the link to the article, warning recipients of a new worm, but instead, anyone who followed the link became the target of an attack. Previously, antivirus firm Sophos had claimed that the link had sent victims to the actual German version of Wikipedia.
"The very openness of websites like Wikipedia--which allow anyone to edit pages--makes them terrific, but can also make them less trustworthy," Graham Cluley, senior technology consultant for Sophos, said in the statement. "In this case, it wasn't just that the information posted in Wikipedia's articles was misleading, it was downright malicious."
In reality, the bulk e-mail messages were part of a phishing attack that sent people to a totally unrelated site, said Brad Patrick, general counsel and interim executive director for the Wikimedia Foundation.
"The point is, we were not hacked," Patrick said. "Nothing from Wikipedia's servers was downloaded to the population. Bad people were using our good name to fraudulently portray the download as if coming from our site."
Two-stage attacks, frequently used in phishing and bot-net campaigns, use e-mail or instant messaging to send a link to potential victims; PC users that follow the link will likely be infected by the malicious Web site. Bot nets using home users' computer systems are increasingly responsible for the rise in fraudulent e-mail messages.
CORRECTION: The news brief incorrectly characterized the source of the malicious content. The content did not come from Wikipedia's servers but from another, unrelated, server that appeared to be a Wikipedia server.
Posted by: Robert Lemos