SEPTEMBER 20, 2013
Your regular source of security updates from TrendLabs℠
In This Issue

Security Spotlight
Joomla! and WordPress, Under Botnet Assault

Security for Home Users
New iPhone 5 Launch Comes with Phishing Mails

Security for Business
Racing Attackers to Your Data

Security Spotlight

Joomla! and WordPress, Under Botnet Assault


Blogs are an integral part of the Internet since they allow you to easily post original content. Unfortunately, cybercriminals also use blogs to either launch malicious attacks or host malware. We recently found a backdoor that should make bloggers and website administrators more cautious.

A Prolific Backdoor

The backdoor, detected as BKDR_FIDOBOT.A, uses brute force to break into the administrator pages of several WordPress and Joomla! blogs. It then accesses a command-and-control (C&C) server that provides a list of target sites along with a database of commonly used passwords. Any successful break-in attempt is saved and uploaded to the same C&C server, possibly for future reference and cybercriminal use.

A single BKDR_FIDOBOT.A-infected computer can infiltrate more than 17,000 domains within a mere 24 hours, which would add up to more than 100,000 domains a week. If the cybercriminals used a botnet, the number of attacked blogs would have been far greater. Two-thirds of the total number of target blogs were from the United States. The rest were from countries in Europe like Germany, the United Kingdom, France, and the Netherlands.

Cybercriminals use compromised blogs in various ways—as redirectors and malicious-file hosts as well as C&C servers. The Stealrat botnet, for example, used several compromised WordPress sites to generate spam as well as conceal its operations. The Blackhole Exploit Kit also used WordPress sites to host final payloads, most of which were malware that stole personal information.

Tips for Bloggers

Attacks like these are common, but there are ways bloggers and blog administrators can secure their sites:

  • Update your blog management software. Regularly updating system software ensures that security flaws and vulnerabilities are patched.
  • Create longer passwords. Make log-in passwords with security in mind. Using long passwords with special characters and letters in different cases makes them harder to crack.
  • Install security plug-ins. If your blogging software has security plug-ins, take full advantage of them.
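
The password guessing described under "A Prolific Backdoor" appears in a site's web server access log as repeated POST requests to the administrator log-in page. The following check is an added example, not code from Trend Micro; it assumes the common/combined access log format, the default log-in paths /wp-login.php and /administrator/index.php, and an illustrative threshold, and its sample log lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Default administrator log-in endpoints for WordPress and Joomla!.
LOGIN_PATHS = ("/wp-login.php", "/administrator/index.php")

# Common/combined log format: ip - - [time] "METHOD url proto" status size
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) ')

def parse(line):
    """Return (ip, time, path) for a POST to a log-in page, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ip, ts, method, url, _status = m.groups()
    path = url.split("?", 1)[0]          # ignore any query string
    if method != "POST" or path not in LOGIN_PATHS:
        return None
    return ip, datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"), path

def brute_force_sources(lines, max_posts=5, window=timedelta(minutes=1)):
    """Map each source IP that sent more than max_posts log-in POSTs
    inside any sliding window to its peak count. Lines must be in time
    order, as a web server writes them."""
    recent = defaultdict(deque)          # ip -> timestamps still in window
    flagged = {}
    for line in lines:
        hit = parse(line)
        if hit is None:
            continue
        ip, when, _path = hit
        q = recent[ip]
        q.append(when)
        while when - q[0] > window:      # drop attempts older than window
            q.popleft()
        if len(q) > max_posts:
            flagged[ip] = max(flagged.get(ip, 0), len(q))
    return flagged

# Constructed sample: one address guessing passwords, one normal visitor.
SAMPLE_LOG = [
    f'203.0.113.7 - - [20/Sep/2013:10:00:{s * 2:02d} +0000] '
    '"POST /wp-login.php HTTP/1.1" 200 3120' for s in range(8)
] + [
    '198.51.100.4 - - [20/Sep/2013:10:00:05 +0000] "POST /administrator/index.php HTTP/1.1" 303 0',
    '198.51.100.4 - - [20/Sep/2013:10:00:09 +0000] "GET /index.php HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    print(brute_force_sources(SAMPLE_LOG))
```

A per-address threshold like this one does not catch guessing that is spread thinly across many source addresses, so the total number of log-in POSTs per site is worth tracking as well.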

Copyright ©2013 Trend Micro Incorporated. All rights reserved. Trend Micro and the Trend Micro t-ball logo are trademarks or registered trademarks of Trend Micro Incorporated. All other company and/or product names may be trademarks or registered trademarks of their respective owners. The information contained in this document is subject to change without prior notice.