Joomla and WordPress Sites Under Constant Attack From Botnets | Security Intelligence Blog | Trend Micro(情報元のブックマーク数)

例のロリポとは別のやつかな?

Compromised websites are part of many attacks online. They can be used to host a variety of threats, ranging from simple spam pages, to redirection pages, to actual malicious files.
We recently came across a case that highlighted the scale of this threat. A backdoor (detected as BKDR_FIDOBOT.A), was being used to brute-force many WordPress blogs. It tries to log into Joomla and WordPress administrator pages at /administrator/index.php and /wp-login.php. To do this, it connects to a C&C server, where it downloads a list of sites to target as well as passwords to use. (It consistently uses admin as the user name.) Successful logins are also uploaded to the same C&C server.
Over the course of a single day, this backdoor was used to try and attack more than 17,000 various domains. This would total more than 100,000 domains in the course of a single week. This was from a single infected machine alone; with any botnet of decent size many more sites would have been at risk from this attack.

Joomla and WordPress Sites Under Constant Attack From Botnets - TrendLabs Security Intelligence Blog

screenshot