NEWS - August 08, 2013
by Carol~ - 8/8/13 8:24 AM
'Fort Disco' Botnet Behind Attack Campaign Against Thousands Of Sites
"A 25,000-PC strong botnet is behind a brute force campaign that has compromised more than 6,000 websites"
Researchers at Arbor Networks have uncovered a crafty attack campaign that has compromised thousands of sites powered by Joomla, WordPress, and Datalife Engine.
According to Arbor Networks, more than 6,000 sites have been compromised in a spate of brute force attacks launched by a botnet dubbed Fort Disco. Made up of more than 25,000 PCs, the botnet receives a list of sites to attack from a central command and control server. On some of the sites, a variant of the "FilesMan" PHP backdoor is installed by the attackers.
"By uploading a PHP shell to compromised sites, an attacker can easily issue commands to thousands of compromised sites in seconds," Matt Bing, a research analyst at Arbor Networks' ASERT team, notes in a blog post. "Blogs and CMSs tend to be hosted in data centers with immense network bandwidth. Compromising multiple sites gives the attacker access to their combined bandwidth, much more powerful than a similarly sized botnet of home computers with limited network access by comparison."
Continued : http://www.darkreading.com/attacks-breaches/fort-disco-botnet-behind-attack-campaign/240159627
Analyzing the Fort Disco bruteforce campaign
Fort Disco: The new brute-force botnet
Blogs with 'weakest of the weak' passwords hijacked for bot army
Large Botnets Attack WordPress And Joomla
@ Arbor Networks : Fort Disco Bruteforce Campaign