Backdoor brute-forces Joomla and WordPress sites
Posted on 06.09.2013
A recently discovered backdoor with brute-forcing capabilities that are used against Joomla- and WordPress-managed blogs has shown, once again, the importance of keeping your content management system updated and secured.


The malware, dubbed Fidobot, tries to log into into Joomla and WordPress administrator pages (/administrator/index.php and /wp-login.php) by using admin as the username and by going through a list of often used passwords downloaded from its C&C server. When a specific combination allows it to log into the page, it sends it to same server.

An infected computer probes this way over 17,000 various domains every single day, which amounts to more that 100,000 domains per week - and a botnet usually consists of tens of thousands or even hundreds of thousands such machines.

But what worries Trend Micro researchers is that this and similar attacks may be just a precursor to worse ones. "The Stealrat botnet operation, for example, uses several compromised WordPress sites to generate spam and conceal its operations. The notorious Blackhole Exploit kit has also used several WordPress sites to redirect users to its final payload," they pointed out.

"A compromised site could affect many thousands of users, so it is much more important for administrators to secure their passwords. Settings and plug-ins to help secure CMSes are available to administrators, and they should use them appropriately."









Spotlight

How to talk infosec with kids

Posted on 17 September 2014.  |  It's never too early to talk infosec with kids: you simply need the right story. In fact, as cyber professionals itís our duty to teach ALL the kids in our life about technology. If we are to make an impact, we must remember that children needed to be taught about technology on their terms.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Sep 19th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //