Cyber criminals compromise more than 1000 wordpress websites and modified the Automatic update features , redirect visitors to malicious sites,e-commerce sites or low quality PPC search result aggregators.
Hackers managed to compromise the 'wp-admin/includes/update.php' file and modified the 'wp_update_core' ,which is used by the WordPress Automatic Update feature.
This function checks for available updates ,downloads new files and replace the old files in order to complete wordpress upgrades. When malicious code in the 'wp_update_core' function begins to work. It reinfects the just-updated and new wp-settings.php file.
"So if you thought that WordPress upgrade could only make you blog more clean – you were wrong. If your blog was infected before the upgrade and hasn’t been completely cleaned up, the upgrade itself may even reinfect files that were clean before the upgrade" Denis Sinegubko, the founder of the helpful Unmask Parasites website said.
"Manual upgrades and upgrades via SVN are still completely safe. By the way, not only are SVN updates safe but they are also nearly as simple as automatic updates (one simple command) and provide built-in integrity control, so you can easily identify all changed and potentially infected code WordPress files and have them reverted to their original state." he concludes.