Backdoor brute-forces Joomla and WordPress sites
Posted on 06.09.2013
A recently discovered backdoor with brute-forcing capabilities that are used against Joomla- and WordPress-managed blogs has shown, once again, the importance of keeping your content management system updated and secured.


The malware, dubbed Fidobot, tries to log into into Joomla and WordPress administrator pages (/administrator/index.php and /wp-login.php) by using admin as the username and by going through a list of often used passwords downloaded from its C&C server. When a specific combination allows it to log into the page, it sends it to same server.

An infected computer probes this way over 17,000 various domains every single day, which amounts to more that 100,000 domains per week - and a botnet usually consists of tens of thousands or even hundreds of thousands such machines.

But what worries Trend Micro researchers is that this and similar attacks may be just a precursor to worse ones. "The Stealrat botnet operation, for example, uses several compromised WordPress sites to generate spam and conceal its operations. The notorious Blackhole Exploit kit has also used several WordPress sites to redirect users to its final payload," they pointed out.

"A compromised site could affect many thousands of users, so it is much more important for administrators to secure their passwords. Settings and plug-ins to help secure CMSes are available to administrators, and they should use them appropriately."









Spotlight

Cloned, booby-trapped Dark Web sites steal bitcoins, login credentials

Apart from being a way for dissidents and journalists to do their business without being spotted and identified by "the powers that be", the Dark Web is also a place where criminals sell and buy illegal wares and services and, apparently, where they also get robbed by scammers.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  
DON'T
MISS

Fri, Jul 3rd
    COPYRIGHT 1998-2015 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //