HideMyAss VPN

Wednesday, August 14, 2013

Arbor Networks uncovers large-scale password bruteforcing campaign – and CSO discovers that it’s growing larger every day

Arbor Networks have recently released a report that claims to have uncovered a large-scale password bruteforcing campaign that’s been in operation since April this year.
For the last few months, the campaign has reportedly been targeting websites running the WordPress or Joomla blogging platforms, while a smaller number of attacks have been aimed at Datalife Engine, a Russian platform.

Infected Windows computers are used to bruteforce domains by targeting administration pages and guessing typical usernames and passwords until they gain access to the accounts. PHP shell files that grant complete control over the webserver are then disguised as add-ons to WordPress, Joomla or Datalife Engine, and are uploaded to the system.
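A defender-side view of the guessing pattern described above, as an added example that is not from Arbor Networks' report or the original post: it counts login POSTs in web access logs per client and per site, so a botnet that spreads a few guesses over many infected machines still stands out. The log layout, thresholds, function names and sample lines are assumptions constructed for illustration; the Datalife Engine login path is left out because the post does not give it.

```python
import re
from collections import Counter, defaultdict

# Stock login endpoints for WordPress and Joomla.
LOGIN_PATHS = ("/wp-login.php", "/administrator/index.php")
# Assumed layout: Combined Log Format with the virtual host prepended.
LINE_RE = re.compile(
    r'^(?P<host>\S+) (?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" \d{3} ')

def find_bruteforce(lines, per_ip=5, per_site=20, min_sources=10):
    """Return (noisy_ips, targeted_sites); thresholds are illustrative.

    noisy_ips: {(host, ip): posts} for a client with >= per_ip login POSTs.
    targeted_sites: {host: (posts, sources)} where many clients each send
    only a few POSTs, which per-IP rate limits alone do not catch.
    """
    by_ip = Counter()
    by_site = defaultdict(Counter)
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue  # only submitted login forms count as guesses
        path = m["path"].split("?", 1)[0]
        if not path.endswith(LOGIN_PATHS):
            continue
        by_ip[(m["host"], m["ip"])] += 1
        by_site[m["host"]][m["ip"]] += 1
    noisy = {key: n for key, n in by_ip.items() if n >= per_ip}
    targeted = {}
    for host, ips in by_site.items():
        total = sum(ips.values())
        if total >= per_site and len(ips) >= min_sources:
            targeted[host] = (total, len(ips))
    return noisy, targeted

def sample_log():
    """Constructed sample lines (documentation IP ranges), not real traffic."""
    fmt = '{h} {ip} - - [14/Aug/2013:10:00:{s:02d} +0000] "{m} {p} HTTP/1.1" {st} 512 "-" "-"'
    # 12 clients, 2 guesses each, against one WordPress site.
    lines = [fmt.format(h="blog.example", ip=f"203.0.113.{i % 12 + 1}", s=i,
                        m="POST", p="/wp-login.php", st=200) for i in range(24)]
    # One client hammering a Joomla administrator login.
    lines += [fmt.format(h="shop.example", ip="198.51.100.7", s=i, m="POST",
                         p="/administrator/index.php", st=303) for i in range(6)]
    # A plain page view of the login form, which must be ignored.
    lines.append(fmt.format(h="shop.example", ip="192.0.2.9", s=1, m="GET",
                            p="/wp-login.php", st=200))
    return lines

if __name__ == "__main__":
    print(find_bruteforce(sample_log()))
```

On the sample, the single busy client on shop.example is flagged per IP, while blog.example is flagged only by the per-site count, since none of its twelve sources crosses the per-IP threshold.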

Arbor Networks have managed to at least partially trace the hackers, thanks to the inclusion of hardcoded Command & Control addresses in the malware. The discovery of these addresses meant that Arbor Networks were able to uncover the attackers’ logs, in turn uncovering unprecedented additional information about the scale of the campaign.

The logs suggest that there are around 25,000 infected Windows computers and over 6,000 domains that have been compromised, most of which are located in Russia and the Ukraine. Security website CSO has also discovered that attempts against domains in different countries are increasing, so it would appear that this campaign is becoming bigger and more complex. Because the attackers have modified the malware to stop it recording logs that sites like CSO can access, there is no way to check the most recent statistics and details.

As things stand, it appears that you’ll only be at risk of this botnet if you work for a company that utilises one of the blogging platforms, but that’s not to say that the malware won’t evolve to target private computers. It’s therefore wise to change your password to something more complex, with lots of numbers and symbols in it, to minimise the risk.

Whilst a VPN service would not be able to defend against an attack of this nature, it's another wise protective measure that you can take to shield your computer when browsing the internet, allowing you to encrypt your internet traffic for increased security.
