Backdoor brute-forces Joomla and WordPress sites
Posted on 06.09.2013
A recently discovered backdoor with brute-forcing capabilities that are used against Joomla- and WordPress-managed blogs has shown, once again, the importance of keeping your content management system updated and secured.


The malware, dubbed Fidobot, tries to log into into Joomla and WordPress administrator pages (/administrator/index.php and /wp-login.php) by using admin as the username and by going through a list of often used passwords downloaded from its C&C server. When a specific combination allows it to log into the page, it sends it to same server.

An infected computer probes this way over 17,000 various domains every single day, which amounts to more that 100,000 domains per week - and a botnet usually consists of tens of thousands or even hundreds of thousands such machines.

But what worries Trend Micro researchers is that this and similar attacks may be just a precursor to worse ones. "The Stealrat botnet operation, for example, uses several compromised WordPress sites to generate spam and conceal its operations. The notorious Blackhole Exploit kit has also used several WordPress sites to redirect users to its final payload," they pointed out.

"A compromised site could affect many thousands of users, so it is much more important for administrators to secure their passwords. Settings and plug-ins to help secure CMSes are available to administrators, and they should use them appropriately."









Spotlight

Windows 0-day exploited in ongoing attacks, temporary workarounds offered

Posted on 22 October 2014.  |  A new Windows zero-day vulnerability is being actively exploited in the wild and is primarily a risk to users on servers and workstations that open documents with embedded OLE objects.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Thu, Oct 23rd
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //