Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Recent Posts

  • Calendar

    July 2014
    S M T W T F S
    « Jun    
     12345
    6789101112
    13141516171819
    20212223242526
    2728293031  
    • About Us
    blog.trendmicro.com Sites > TrendLabs Security Intelligence Blog > Hacked Sites > Brute-Force WordPress Attacks Affect Thousands of Sites

    In the past few weeks, many WordPress blogs have been under a large-scale brute force attack. These attacks use brute-force techniques to log into WordPress dashboards and plant malicious code onto compromised blogs and websites.

    It’s important to note what these attacks aren’t. They are not compromising WordPress blogs using known vulnerabilities in unpatched versions; if anything this current attack is less sophisticated than that – it merely tries to log into the default admin account with various passwords. If it is successful in logging in, it adds code for Blackhole Exploit Kit redirection pages to the blog.

    We have been monitoring these attacks, and we can confirm that they are indeed taking place. Because they add distinctive URLs to the blogs they have compromised, we can identify the scale of this attack, as seen by the Smart Protection Network.

    Over a one-day period, we identified more than 1,800 distinct sites that had been compromised by this attack. This represents a significant increase over the typical number of compromised WordPress sites that we encounter over the same period, highlighting the increased activity related to this particular campaign.

    Both users and site administrators can help mitigate threats like these. This particular attack only targeted administrator accounts that had not changed their default login name (admin). It is advisable that users change this to another login name of their choice. These and other steps to mitigate against this attack are outlined in WordPress’s online manual.

    As for users, because compromised sites like these are used by exploit kits, a good way to reduce these threats is to keep the software installed on your system up to date. Many applications today include some form of automatic updating, which (unfortunately) many users ignore. We have covered some of this in our guides on using Java and Flash safely in the past, which can be checked for reference.

    We’re trying to make the Security Intelligence Blog better. Please take this survey to tell us how.





    Share this article
    		 Get the latest on malware protection from TrendLabs
    Email this story to a friend   Technorati   NewsVine   MySpace   Google   Live   del.icio.us   StumbleUpon



    This entry was posted on Monday, April 22nd, 2013 at 3:08 pm and is filed under Hacked Sites . Both comments and pings are currently closed.



    Comments are closed.



     

    Other Trend Micro blogs
    CTO Insights
    CounterMeasures Blog
    Cloud Security Blog
    Consumerization Blog
    Fearless Web
    Internet Safety for Kids & Families
    Simply Security News
    Trend Micro Blog [German]
    TrendLabs Security Blog [Japan]
    Cloud Security APAC
    Trend Micro Free Tools Threat Encyclopedia Trend Micro Videos
    Do you have a product-related question? Visit our eSupport website.

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice