According to Websense researchers, over a hundred Web sites using WordPress 3.2.1 were recently compromised.
"The Java vulnerability exploited in the attack is known as CVE-2011-3544 and allows the remote execution of arbitrary code," Constantin writes. "In this case, the attackers are leveraging it to install a version of the TDSS rootkit on the computers of people visiting the website."
Go to "Hackers Infect WordPress 3.2.1 Blogs to Distribute TDSS Rootkit" to read the details.
For regular security news updates, follow eSecurityPlanet on Twitter: @eSecurityP.