Meet the new Fort Disco botnet

Security company Arbor Networks reports that a new botnet, Fort Disco, consisting of more than 25,000 Windows computers, targets blogs and content management systems (CMSes). Once it has managed to infect the blogs, it uses them to spread botnet malware and attack other systems.

Matthew Bing, a research analyst at the Arbor Security Engineering & Response Team (ASERT), said: “Arbor ASERT was able to locate the botnet we named Fort Disco. The botnet started its activity at the end of May 2013 and continues. We have identified six different administration and control domains (DC) that control a botnet that consists of 25,000 infected Windows computers. Up to now, over 6,000 websites with Joomla, WordPress and Datalife Engine were victims of the botnet that discovered passwords with brute-force attacks.”

Arbor Networks has found that there are at least four variants of the Windows malware used by the Fort Disco botnet. These, in turn, appear to come from the Styx exploit kit, which security expert Brian Krebs calls high-end "malware-as-a-service".

The infected Windows systems that make up Fort Disco then use brute-force attacks to discover passwords for PHP and for CMSes that run on PHP. The botnet has installed a variant of the very common "FilesMan" PHP backdoor on almost 800 PHP-powered sites.
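When password guessing is spread over thousands of infected hosts, each client can stay under a per-IP attempt limit while the site as a whole receives a flood of login attempts. The following detection sketch is an added example, not code from Arbor's report or from the original article; it counts login POSTs per site across all clients. The log layout (virtual host followed by combined log format), the stock WordPress and Joomla login paths, the thresholds and the sample lines are assumptions constructed for illustration, and the lines are assumed to fall within one time window.

```python
import re
from collections import defaultdict

# Stock login endpoints (assumption: the sites have not renamed them).
LOGIN_PATHS = {"/wp-login.php", "/administrator/index.php"}

# Assumed layout: "<vhost> <client ip> - - [time] "METHOD path HTTP/x" status size"
LINE_RE = re.compile(
    r'^(?P<host>\S+) (?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>[^ ?"]+)'
)

def find_distributed_bruteforce(lines, min_posts=6, min_ips=4, per_ip_limit=5):
    """Flag sites whose login POSTs are high in aggregate and spread over
    many clients. 'per_ip_hits' lists the clients a plain per-IP rule with
    per_ip_limit would have caught, which shows what that rule misses."""
    posts = defaultdict(lambda: defaultdict(int))  # site -> ip -> POST count
    for line in lines:
        m = LINE_RE.match(line)
        if m and m["method"] == "POST" and m["path"] in LOGIN_PATHS:
            posts[m["host"]][m["ip"]] += 1
    findings = {}
    for site, by_ip in posts.items():
        total = sum(by_ip.values())
        if total >= min_posts and len(by_ip) >= min_ips:
            noisy = sorted(ip for ip, n in by_ip.items() if n > per_ip_limit)
            findings[site] = {"posts": total, "ips": len(by_ip),
                              "per_ip_hits": noisy}
    return findings

# Constructed sample: eight clients each try blog.example once, one ordinary
# user logs in twice on shop.example, and one GET merely loads a login form.
SAMPLE = [
    f'blog.example 203.0.113.{i} - - [07/Aug/2013:10:00:{i:02d} +0000] '
    f'"POST /wp-login.php HTTP/1.1" 200 3120'
    for i in range(1, 9)
] + [
    'shop.example 192.0.2.10 - - [07/Aug/2013:10:01:00 +0000] '
    '"POST /administrator/index.php HTTP/1.1" 303 0',
    'shop.example 192.0.2.10 - - [07/Aug/2013:10:01:09 +0000] '
    '"POST /administrator/index.php HTTP/1.1" 303 0',
    'blog.example 192.0.2.10 - - [07/Aug/2013:10:02:00 +0000] '
    '"GET /wp-login.php HTTP/1.1" 200 2800',
]

if __name__ == "__main__":
    print(find_distributed_bruteforce(SAMPLE))
```

On the sample, blog.example is flagged with an empty `per_ip_hits` list: no single client exceeded the per-IP limit, yet the site received eight login attempts from eight addresses.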

All infected systems, in turn, are controlled by C&C servers located in Russia and Ukraine.

So far, Fort Disco has been used only against blogs and CMS websites. According to ZDNet, this will not last.

Bing said, "Blogs and CMS sites are hosted in data centers that have huge reserves of bandwidth. We have many examples of large botnets being used to attack US banks with distributed denial of service attacks (DDoS)."