Cybercrooks are running a wide-ranging password-guessing attack against some of the most widely used blogging and content management systems on the net.
The so-called Fort Disco cracking campaign began in late May this year and is still ongoing, DDoS mitigation firm Arbor Networks warns. Arbor has identified six command-and-control (C&C) systems associated with Fort Disco that collectively control a botnet of over 25,000 infected Windows servers. More than 6,000 Joomla, WordPress, and Datalife Engine installations have been the victims of password guessing.
Four strains of Windows malware are associated with the campaign, each of which caused infected machines to phone home to a hard-coded command and control domain — via redwolf.newsvine.com