
Brute-force malware targets email and FTP servers

A piece of malware designed to launch brute-force password guessing attacks against websites built with popular content management systems like WordPress and Joomla has started being used to also attack email and FTP servers.

The malware is known as Fort Disco and was documented in August by researchers from DDoS mitigation vendor Arbor Networks who estimated that it had infected over 25,000 Windows computers and had been used to guess administrator account passwords on over 6,000 WordPress, Joomla and Datalife Engine websites.

Once it infects a computer, the malware periodically connects to a command and control (C&C) server to retrieve instructions, which usually include a list of thousands of websites to target and a password that should be tried to access their administrator accounts.

The Fort Disco malware seems to be evolving, according to a Swiss security researcher who maintains the Abuse.ch botnet tracking service. "Going down the rabbit hole, I found a sample of this particular malware that was brute-forcing POP3 instead of WordPress credentials," he said Monday in a blog post.

 



Re: Brute-force malware targets email and FTP servers

We talked about this in August as well.  :smileyhappy: 

link

I guess it's still Stayin' Alive.

/// JimM ///
/// Former Community Manager - Now Humble Internet Citizen///
/// Also Formerly a Technical Support Escalations Engineer ///

Re: Brute-force malware targets email and FTP servers

The following article is an update on Brute-force malware

 

(Brute-force bot busts shonky PoS passwords)

 

By: Darren Pauli, 10 Jul 2014

 

A botnet has compromised 60 point of sale (PoS) terminals by brute-force password attacks against poorly-secured connections, FireEye researchers say.

The trio including Nart Villeneuve, Joshua Homan and Kyle Wilhoit found 51 of the 60 popped PoS boxes were based in the United States.

The attacks were basic and targeted remote desktop protocol terminals that used shamefully simple passwords such as 'password1', 'administrator' and 'pos'.

 

The Register/ Full Read Here/ http://www.theregister.co.uk/2014/07/10/bruteforce_bot_busts_shonky_pos_passwords/
