The blogosphere is full of mentions to the worm that is attacking old versions of the Wordpress blog platform and the attack on the popular Scobleizer blog. I was reading about it in the weekend, particularly how the worm works, what it does, how to prevent it and how to recover from it. As Matt Mullenweg, creator of Wordpress, puts it: "This particular worm, like many before it, is clever". One of the things it does is changing the links of the blog to something like this:

/post-title/%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/

and this in turn allows evaluated code to be executed. “eval” is evil hum? Although its not something new, still quite cunning. The eval() function evaluates a string and executes it as if it was script code. This means when a user clicks the link on the affected blog, the Javascript arbitrary code will run on the user's browser. Not good. http://wordpress.org/development/2009/09/keep-wordpress-secure/
http://lorelle.wordpress.com/2009/09/04/old-wordpress-versions-under-attack/