Anyone with a WordPress Needs to be on Alert

[DeeDee]

Huge Attack on WordPress Sites Could Begin Super Botnet

There is an ongoing attack on WordPress sites sweeping across the web and your install could be next.

Using more than 90,000 IP addresses, this attack is cracking admin logins on weak WordPress systems. One web hosting company warned that these attacks are part of a process of building a botnet that is “more destructive than those available today.”

http://wpdaily.co/super-botnet/

[Shadow]

Im not sure what wordpress is??? lol!!

[FurMonster Mom]

It's the platform that a LOT of websites use... think of it as a website formatting platform/webware

[DeeDee]

A LOT of people with blogs use it.

[Middle Child]

I didn't know what a word press is either. So it's the people who own the website (is the correct word domain?) that are at risk, not people who read or post on them?

[DeeDee]

I'm pretty sure that taking over the servers via the insecure WordPresses can enable the botnet to be able to infect more computers with the malware that turns your computer into another "botnet slave"--the power of your computer/Internet connection is used without your permission since one of the methods of making a slave is "Malware hidden in Java, ActiveX controls or accidental discharges" *see link 2 Their ultimate goal of course would be to have a bigger "botnet" to perform brute force attacks against the bigger systems and networks.

What a Bot Net is: http://netsecurity.about.com/od/frequentlyaskedquestions/a/What-Is-A-Bot-Net.htm

How to tell if you're a slave: http://www.fire-pk.com/showthread.php?t=7517

[Lola]

I'm pretty sure that taking over the servers via the insecure WordPresses can enable the botnet to be able to infect more computers with the malware that turns your computer into another "botnet slave"--the power of your computer/Internet connection is used without your permission since one of the methods of making a slave is "Malware hidden in Java, ActiveX controls or accidental discharges" *see link 2 Their ultimate goal of course would be to have a bigger "botnet" to perform brute force attacks against the bigger systems and networks.

What a Bot Net is: http://netsecurity.about.com/od/frequentlyaskedquestions/a/What-Is-A-Bot-Net.htm

How to tell if you're a slave: http://www.fire-pk.com/showthread.php?t=7517

Site Advisor didn't want me to go to the site of the second link.  Hmmmm
I have a "dead" PF blog with Wordpress. 

[DeeDee]

Site Advisor didn't want me to go to the site of the second link.  Hmmmm

I went ahead and rechecked and didn't get any flags from it, but here's the whole post anyway:


06-06-2011

How to tell if your PC is a slave of a botnet


Botnets have become a major tool for cybercrime, as it provides the possibility of large-scale attacks from all infected systems and anonymously.

A botnet is a network of computers infected by malicious code being controlled by an attacker, have their resources to work together and distributed.

When a computer has been affected by bot malware type is said to be a robot or zombie computer. By controlling the system remotely (in whole or in part), botnet owners can access them to perform various malicious tasks such as spam, conducting attacks distributed denial of service (DDoS), the file hosting for web sites (pornography, pedophile, warez, cracks, phishing sites, etc..), distribution and installation of new malware and abuse of online advertising.

Eset defines some signs that indicate when a computer is part of a botnet. It should be noted that while any malicious code can cause almost all symptoms of a bot, yet there are some signs that should not be overlooked:

1. The fan starts at full speed when the computer is idle:

This may indicate that a program is running without the user's knowledge and that you are using a considerable amount of resources. Of course, this could also be caused by the installation of Microsoft updates, for example. Another problem that can cause the fan to work is too much dirt in your computer or a failing CPU fan.

2. The computer takes a long time to shut down, or not done correctly:

Often the malware has errors that can cause a variety of symptoms, including shutting down the system very long or directly fails. Unfortunately, operating system errors or conflicts with legitimate programs can also cause the same symptom.

3. Observations in Facebook wall that has not sent:

There are some other reasons other than the malware and unauthorized access to the account to bring up this issue. If you see that happens, you definitely need to change your password and make sure the system is not infected. The ideal is to make sure the computer has no malware before changing the password and not use the Facebook code on different sites.

4. Applications are going very slow:

This may be because they are hidden programs using a large amount of computer resources. But it could also be caused by other problems.

5. Can not download operating system updates:

This is a symptom that can not be ignored. Even if it is being caused by a bot or other malware, if not keep security patches up to date the system is infected.

6. Can not download antivirus updates or visit websites of suppliers:

Malware often tries to avoid antivirus or security solutions are installed or executed. The failure to update antivirus or visit the manufacturer's website is a very strong indicator of the presence of malicious code.

7. Internet access is very slow:

If a bot is running on the system, for example, sending large amounts of spam, an attack against other computers or upload / download large amounts of data, can cause Internet access is very slow.

8. Friends and family have received emails that you sent:

This may be a sign of a bot or other malware, or your web mail account has been compromised by an attacker.

9. Open pop-ups and ads, even when not using a web browser:

While this is a classic sign of adware, bots can install this malware on your computer. You definitely have to address this problem.

10. The Windows Task Manager shows programs with strange names and descriptions:

Use Task Manager requires some skill and research. Sometimes legitimate software can use foreign names. An entry in the Task Manager is not sufficient to identify a program as harmful. While it can help you find malware, additional steps must be performed to validate the results. Remove processes, files or registry entries only on suspicion is a bot or other malware, can result in the team even starts.

Be very careful to make assumptions and take action on them. Although these signals can also be indicators of other types of malicious code are relevant signs warning about the possible infection of the team.

To confirm whether this is a botnet, it is advisable to scan the computer with an antivirus. In the case of Eset NOD32 Antivirus, Win32/Spy.Zbot detections, IRC / SdBot and Win32/AutoRun.IRCBot, among others, indicate the presence of bot malware type.

Are you part of a botnet?

The way to turn himself into a zombie PC are varied, but almost all involve the execution of malicious code inadvertently, especially on computers that have not applied the latest security patches. Some of the most common forms of infection are:

* Patches or cracks for checking out commercial programs
* Malware hidden in Java, ActiveX controls or accidental discharges
* Trojan (fake antivirus and P2P applications)
* Virus in email attachments
* Worms that use no firewall connections


To carry out their attacks, botnets require always-on computers and free Internet access, so infections are difficult to detect. ESET antivirus company has compiled a list of symptoms (similar to Microsoft), if your situation matches the one described, it is possible that your PC is a zombie.

* The computer operates without human intervention
* Problems shutting down or off defective
* Unusual slowness while browsing and sending emails
* Decrease significant performance
* Failure to update the antivirus
* Appearance of strange messages

After infection, very discreet, hidden process remains pending orders of the "shepherd" the villain behind the zombie network. His command can only be achieved if the machine is turned on, connected and no firewall involved.

Programs like TCPView or CurrPorts help you discover hidden processes that are using the Internet, one of them could be the virus. Another great diagnostic tool-is-BotHunter advanced, specialized in the detection of botnets and available for Windows, Mac and Linux.

The killer bots: RUBotted

Sometimes a standard antivirus is not enough to free the computer from the state of slavery, although its activation and updates, and use a firewall (for example, included in Windows) are strongly recommended preventive measures. If you want a specific vaccine, Trend Micro RUBotted test.
RUBotted controls network activity and running processes looking for suspicious patterns. In case of detecting malicious activity, alerts the user and offers options for disposal. Among the alternatives are RUBotted Removal Tool Microsoft Malicious Software and other free vaccines.

Made by my friend "pepon" my co-member of HF.

[Lola]

Thanks for the info, DeeDee.