WordPress’ network of blogs and websites is sixty-four million strong. The hit count on all of their sites together tops 371 million people every month. It represents a boon to coordinated online attacks by hackers utilizing botnets. These botnets open up the blog’s administrative page and insert malware, viruses or dummy links to sites that deliver these nasty surprises to any poor soul who clicks on them. Once this is done, they back out of the system and let the sheer volume of WordPress users and readers spread the botnet to millions more systems across the world.
WordPress, aware that a large scale attack was coming, increased their security measures by adding the optional two-step authentication to log-in to WordPress accounts. A week later the attacks began, taking advantage of those WordPress users who were slow to change to the two-step method.
Many people keep their administration page named “Admin”, which is the default name given it by WordPress. The hackers take advantage of this weakness and with a super-botnet 90,000 IP addresses strong, the hackers can try a different password each second for a 24-hour period.
The malware installed on the infected computers allows the hacker remote access to use it in a coordinated attack on another network. With access to just a percentage of WordPress client’s computers, the hackers could add millions of other computers to their network, thereby increasing the size of their super-botnet.. With a network the size of WordPress’s it could make the super-botnet millions of time stronger and faster. They could target any site or blog for a DDoS, or Distributed Denial of Service attack, essentially shutting that network down. The use of thousands, or millions of PC’s from all over the world makes these attacks difficult to defend against and even more difficult to trace to the source
You can follow any responses to this entry through the RSS 2.0 feed.
Leave your comment