• Critical Vulnerability and Privacy LoopHole Found in RoboForm Password Manager

    Unless you are a human supercomputer, remembering password is not so easy, and that too if you have a different password for each site. But luckily...
  • miniLock - Open Source File Encryption Tool from CryptoCat Developer

    It’s the age of surveillance what made the Use of Encryption so widely that it has become a need of law enforcement agencies, cyber criminals as...
  • A BEGINNERS GUIDE TO HACKING UNIX

      *************  *       A BEGINNERS GUIDE TO:        *  *        ...
  • CASH! CASH! Hacking ATM Machines with Just a Text Message

    As we reported earlier, Microsoft will stop supporting the Windows XP operating system after 8th April, apparently 95% of the world’s 3 million...
  • Microsoft Word Zero-Day Vulnerability is being exploited in the Wild

    Microsoft warned about a zero-day vulnerability in Microsoft Word that is being actively exploited in targeted attacks and discovered by the...
  • Snoopy Drone Can Hack Your Smartphones

    The use of unmanned aerial vehicles (UAVS) called Drones is rapidly transforming the way we go to war. Drones were once used for...
  • Android Privilege Escalation Flaws leave Billions of Devices vulnerable to Malware Infection

    Android - a widely used Smartphone platform offered by Google is once again suspected to affect its users with malicious software that puts...
  • Introduction to Netcat

    Introduction : So I was messing around on the internet and came across a tool called Netcat.  I've been messing with it for a couple of...
  • Google Nexus phone vulnerable to SMS-based DOS attack

    Google’s Nexus Smartphones are vulnerable to SMS-based DOS attack, where an attacker can force it to restart, freeze, or lose network...
  • Linux worm targeting Routers, Set-top boxes and Security Cameras with PHP-CGI Vulnerability

    A Symantec researcher has discovered a new Linux worm, targeting machine-to-machine devices, and exploits a PHP vulnerability...

Sunday, 29 September 2013

Thousands of Wordpress blogs compromised to perform DDOS attack

There is currently a Mega cyber attack campaign being launched on a large number of WordPress websites across the Internet. 

In April, 2012 we reported about a large distributed brute force attack against millions of WordPress sites were occurring, out of that hackers are successful to compromise 90,000 servers to create a large Botnet of Wordpress hosts.

According to the DDOS attack logs report received from a 'The Hacker News' reader 'Steven Veldkamp', victim's website was under under heavy DDOS attack recently, coming from various compromised Wordpress based websites.

Possibly using the brute force attack on WordPress administrative portals with the a world list of the most commonly used username and password combinations, attackers are taking control of many poorly secured WordPress Hosts.



After analyzing the piece of a DDOS attack Log file from timing 23/Sep/2013:13:03:13 +0200 to 23/Sep/2013:13:02:47 +0200, we found that in 26 second attacker was able to perform DDOS attack from 569 unique compromised Wordpress blogs. Hacked websites include blogs of Mercury Science and Policy at MIT, National Endowment for the Arts (arts.gov), The Pennsylvania State University and Stevens Institute of Technology.

So an attacker using a large number of high performance hosting in order to build a much larger botnet of for a DDOS attack. This attack is happening at a global level and WordPress instances across hosting providers are being targeted. Since the attack is highly distributed in nature (most of the IP’s used are spoofed), it is very difficult to block all malicious data.

According to the statistics recently published by WP WhiteSecurity, more than 70% of WordPress installations are vulnerable to hackers out of the World's Top 1 Million websites having a Wordpress installed.
From the table above you can determine that at least 30,823 WordPress websites out of 42,106 are vulnerable to exploitable vulnerabilities, which can be detected using free automated vulnerability assessment tools.

Also in August, 2012 Researchers at Arbor Networks have uncovered a botnet called Fort Disco that was used to compromise more than 6000 websites based on popular CMSs such as WordPress, Joomla and Datalife Engine.

If you are running WordPress sites, now would be a good time to ensure that strong passwords are always used and that your username should be changed from “admin”.

Avoid Obvious Passwords, Scan your computer for viruses, keyloggers, rootkits, and botnet software. Most importantly, Update WordPress and all plugins to the latest versions.

No comments:

Post a Comment