Backdoor brute-forces Joomla and WordPress sites
Posted on 06.09.2013
A recently discovered backdoor with brute-forcing capabilities that are used against Joomla- and WordPress-managed blogs has shown, once again, the importance of keeping your content management system updated and secured.

The malware, dubbed Fidobot, tries to log into into Joomla and WordPress administrator pages (/administrator/index.php and /wp-login.php) by using admin as the username and by going through a list of often used passwords downloaded from its C&C server. When a specific combination allows it to log into the page, it sends it to same server.

An infected computer probes this way over 17,000 various domains every single day, which amounts to more that 100,000 domains per week - and a botnet usually consists of tens of thousands or even hundreds of thousands such machines.

But what worries Trend Micro researchers is that this and similar attacks may be just a precursor to worse ones. "The Stealrat botnet operation, for example, uses several compromised WordPress sites to generate spam and conceal its operations. The notorious Blackhole Exploit kit has also used several WordPress sites to redirect users to its final payload," they pointed out.

"A compromised site could affect many thousands of users, so it is much more important for administrators to secure their passwords. Settings and plug-ins to help secure CMSes are available to administrators, and they should use them appropriately."


Credential manager system used by Cisco, IBM, F5 has been breached

Pearson VUE is part of Pearson, the world's largest learning company. Over 450 credential owners (including IT organizations such as IBM, Adobe, etc.) across the globe use the company's solutions to develop, manage, deliver and grow their testing programs.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Wed, Nov 25th