Information Security News
mailing list archives
Tactics of WordPress attackers similar to bank assaults
From: InfoSec News <alerts () infosecnews org>
Date: Thu, 18 Apr 2013 04:15:09 -0500 (CDT)
By Antone Gonsalves
April 16, 2013
Cybercriminals are attacking servers hosting WordPress sites in an attempt to
build a potent botnet that would be eerily similar to one used last year to
attack major U.S. financial institutions.
The motives of the latest attackers is not known. However, their tactics
resemble those used to build the infamous Brobot botnet, in which the attackers
compromised PHP-based websites powered by the Joomla and WordPress content
management systems. It was used to attack financial institutions including as
U.S. Bancorp, JPMorgan Chase & Co., Bank of America, PNC Financial Services
Group and SunTrust Banks.
The similarities have some security experts worried. "I don't think we can know
exactly what the motivations for the attacks are right now, but the concern is
this attack could be building something very similar and its scale is pretty
significant," said Matthew Prince, co-founder and chief executive of
In both attacks, the criminals used a botnet comprised of home personal
computers to attack hosting servers in order to build a far more powerful
network. In the latest assaults, the hackers are using a so-called
"brute-force" attack, which involves trying many combinations of commonly used
user names and passwords.
Visit the InfoSec News Security Bookstore
Best Selling Security Books and More!
- Tactics of WordPress attackers similar to bank assaults InfoSec News (Apr 18)