WordPress attacks showcase botnet owner's expanding tricks

A botnet using more than 90,000 IP addresses to crack WordPress admin accounts may be used as part of a larger plot to disrupt online users, according to researchers.

WordPress founding developer Matthew Mullenweg took to his blog Friday to warn users of widescale hacking attempts underway.

WordPress users with the “admin” username are being targeted by a botnet consisting of compromised home PCs. The infected machines are brute-force hacking accounts, automatically inputting a list of commonly used passwords. Mullenweg advised anyone with the “admin” login to change it, as well as their password, and to turn on the site's newly implemented two-factor authentication feature.
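The login pattern described above, a few guesses from each of thousands of addresses against one username, stays under any per-IP lockout threshold. The following is an added detection sketch, not code from the article, WordPress or CloudFlare; the log line format (`timestamp source-ip username result`), the thresholds and the sample data are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

def parse(line):
    """Parse 'ISO-timestamp source-ip username result' (constructed format)."""
    ts, ip, user, result = line.split()
    return datetime.fromisoformat(ts), ip, user, result

def per_ip_offenders(events, limit):
    """Classic lockout view: source IPs with more than `limit` failures."""
    fails = Counter(ip for _, ip, _, result in events if result == "FAIL")
    return sorted(ip for ip, n in fails.items() if n > limit)

def distributed_targets(events, window=timedelta(minutes=10),
                        min_sources=20, min_failures=50):
    """Usernames failing from many distinct IPs inside one sliding window.
    Returns {username: (distinct_sources, failures)} at the widest match."""
    by_user = defaultdict(list)
    for ts, ip, user, result in events:
        if result == "FAIL":
            by_user[user].append((ts, ip))
    flagged = {}
    for user, hits in by_user.items():
        hits.sort()
        start = 0
        in_window = Counter()  # source IP -> failures currently in the window
        for i, (ts, ip) in enumerate(hits):
            in_window[ip] += 1
            while ts - hits[start][0] > window:  # expire old failures
                old_ip = hits[start][1]
                in_window[old_ip] -= 1
                if not in_window[old_ip]:
                    del in_window[old_ip]
                start += 1
            total = i - start + 1
            if len(in_window) >= min_sources and total >= min_failures:
                flagged[user] = max(flagged.get(user, (0, 0)),
                                    (len(in_window), total))
    return flagged

def sample_log():
    """Constructed data: 40 sources x 2 guesses at 'admin', plus one real user."""
    base = datetime(2013, 4, 12, 10, 0, 0)
    stamp = lambda s: (base + timedelta(seconds=s)).isoformat()
    lines = [f"{stamp(5 * i)} 198.51.100.{i % 40 + 1} admin FAIL" for i in range(80)]
    lines += [f"{stamp(30 * i)} 203.0.113.7 alice FAIL" for i in range(3)]
    lines.append(f"{stamp(120)} 203.0.113.7 alice OK")
    return lines
```

On the sample data the per-IP view reports nothing, while grouping failures by targeted username flags `admin` with 40 distinct sources.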

CloudFlare, a San Francisco-based security and site performance service provider, and web hosting provider HostGator suggested the botnet could be using home-based machines to assemble a more destructive network capable of carrying out distributed denial-of-service (DDoS) attacks on the web.

Compromised WordPress servers would give the botnet much more bandwidth to use for malicious purposes, according to a CloudFlare blog post.

CloudFlare co-founder and CEO Matthew Prince said a similar attack method was used to stage the ongoing DDoS campaigns against several banks in the United States.

In those incidents, hackers targeted WordPress users running an outdated TimThumb plug-in, a popular image-resizing tool, to exploit the accounts and turn them into DDoS tools pointed toward American banking sites.

Prince said targeting WordPress servers gives attackers an “army of bots” with “fairly big connections to the internet.”

“The harm is that, if your blog is compromised, the server resources can be used to launch attacks against other parts of the internet infrastructure,” he said.
