UPDATE: WordPress 2.6.5 has been released. This is still no legitimate version 2.6.4 and there never will be.
As of the time of this post, there is no such thing as WordPress 2.6.4. There also likely never will be as 2.7 will be the next version of WordPress assuming no emergency security fixes are needed before it comes out.
If you “upgraded” to “2.6.4″, then you have installed a fake trojan version (full description is here and here), you should delete your wp-admin and wp-includes folders and replace them with fresh copies downloaded from WordPress.org, the official site. If you have a recent database backup from before you upgraded, I would also advise dumping your database and using that backup just to be safe. You should also of course change all of your WordPress user account passwords.
Please be smart when it comes to WordPress! Because it’s so immensely popular, it has become the target of spoofers and hackers. Always type in the URL to the official site (rather than using a link and not paying attention) if you are trying to download the latest version.
[...] of WordPress you download has malicious code in the download that opens a backdoor to your blog. If you upgraded WordPress to 2.6.4, you are running a fake version. There is no WordPress 2.6.4. The latest version is 2.6.3. This is [...]
[...] If you upgraded WordPress to 2.6.4, you are running a fake version. There is no WordPress 2.6.4. The latest version is 2.6.3. The version of WordPress you download has malicious code in the download that opens a backdoor to your blog. [...]
Thanks for the warning
[...] If you upgraded WordPress to 2.6.4, you are running a fake version. There is no WordPress 2.6.4. The latest version is 2.6.3. The version of WordPress you download has malicious code in the download that opens a backdoor to your blog. [...]
[...] WordPress Version Is a [...]
Looks like the folks at wordpress have decided to skip wordpress 2.6.4 and go straight to 2.6.5 which was just released today due to security and other bug fixes. you can read the full post and get the new version on the wordpress.org site. http://www.wordpress.org
read the blog here: http://wordpress.org/development/2008/11/wordpress-265/
it’s sad that it’s come to this for the open source world. That programs such as wordpress become targets for hackers.
Brandon
[...] Well, a fake WordPress site released version 2.6.4 that contained code that opens up the entire WordPress installation. There is no version 2.6.4. If you are running it, your WordPress was hacked. Instructions for clearing this up are available at Viper007Bond. [...]
[...] warn of a bogus WordPress 2.6.4 version out [...]
[...] of WordPress you download has malicious code in the download that opens a backdoor to your blog. If you upgraded WordPress to 2.6.4, you are running a fake version. There is no WordPress 2.6.4. The latest version is 2.6.3. This is [...]
[...] of WordPress you download has malicious code in the download that opens a backdoor to your blog. If you upgraded WordPress to 2.6.4, you are running a fake version. There is no WordPress 2.6.4. The latest version is WordPress 2.7, [...]
[...] and spoofing is on the rise. WordPress was recently faked with a malicious site taking advantage of a misspelling in the domain name for WordPress. Now, Barak Obama fake websites are on the [...]
That’s why it’s always a good idea to update from the WordPress site itself, luckily for us the new versions allow for us to auto-update without downloading, uploading and installing the mods on our own. Good looking out, a simple google search returns many sites running the ‘trojan’d’ 2.6.4 version…