QUOTE(Emperor @ Fri 31st October 2008, 6:50pm)
How can this happen? Is MediaWiki that easy to put viruses into? Once a MediaWiki site is overrun with viruses, why is it so difficult to clean up?
IMO, stuff like that would have to come from uploaded image files, which are probably scanned for embedded scripting and other forms of malware on Wikipedia, but not on ED or some other standard MediaWiki installation. I don't know exactly when Wikipedia started scanning them, but I suspect it was well before 2004.
Having said that, there's no guarantee
that malicious code couldn't be embedded into an image file in such a way that WP's scanners wouldn't catch it, at least not immediately.
There was also this incident
, but that was more of a "spoof" than anything else, though of course the ultimate goal there was also to spread a virus, and it did manage to ensnare a few gullible people, apparently.
As for it being difficult to clean up, that would depend on whether or not you can run malware-scanning software on the server, and how good it is. A site like ED probably doesn't operate its own servers, and if they have to check out each image manually, well... that would be a nightmare after a while, no question about that!