Hackers are trying to use the good reputation of Wikipedia to lure unsuspecting users into executing malware. The very openness of Wiki, which allows users to freely add or edit available content, has made it an attractive target for virus authors to plant malicious code in articles. A proof-of-concept (POC) worm targeting Wiki was discovered earlier in August of this year.

In a recent incident, an email was mass spammed to German computer users requesting them to download a security fix for a new variant of the infamous Blaster worm. The email was crafted to appear to come from Wikipedia, complete with an official Wikipedia logo. The email directed users to a fixed Wikipedia article which included a link to malware hosted on an external site.

Editors at Wikipedia were quick to fix the misleading content in the article. However, since Wiki stores all previous revisions of an article, the attacker was able to direct users to the archived pages via the spammed email. Wikipedia administrators finally had to erase all old versions of the article to resolve the issue.

As malware authors continue to improve social engineering techniques, public community sites like MySpace, Orkut, Wikipedia and others will have to adapt and modify their policies with regard to posting and editing content. They can take a cue from webmail providers like Hotmail and Yahoo, which have implemented mandatory virus scanning of attachments, and have all content scanned by an antivirus before it is posted. This will help prevent mischief makers from creating toxic pages.

Update: A detailed analysis of this threat can be viewed at the McAfee Avert Labs Threat Library. Trojan Nordex: http://vil.nai.com/vil/content/v_140856.htm.