WordPress warns of smart worm attack on blogs
The company said that the worm has been identified only because of flaws in its design.
"It then attempts to clean up after itself, then goes quiet so you never notice while it inserts hidden spam and malware into your old posts."
However, the worm's design means that it breaks links on a user's page, alerting them to the fact that something is wrong.
The current WordPress 2.8.4 is immune to the worm, and users are being urged to upgrade as soon as possible.