Users of WordPress blogging software have been targeted by malware that can insert other malware and spam into blog entries.
However, all victims of the malware are using an outdated version of WordPress blogging software with known vulnerabilties.
WordPress founder Matt Mullenweg said in a blog posting that the only way to keep blogs secure is to keep software up-to-date.
"Upgrading is taking your vitamins; fixing a hack is open heart surgery. (This is true of cost, as well.)" he wrote.
According to Mullenweg, the current 2.8.4 and preceding version of WordPress are immune to the malware, which has been targeting users since mid-August.
The malware affects only users who host their own WordPress blog. Blogs hosted on WordPress.com are unaffected.
"If we find something broken, we'll release a fix. Please upgrade, it's the only way we can help each other," said Mullenweg.
WordPress has posted guidelines on its website for users who suspect they have been targeted.