Fortune Disco malware returns refreshed for brute-force attacks on emails and ftps


security-protection-hackingA malware which was designed to carry out brute-force attacks against websites that use popular content management systems such as WordPress and the Joomla has begun to be used for attacks on email and FTP servers.

Malware known as Fort Disco was discovered in August by researchers Arbor Networks. The company estimates that it had infected more than 25.000 computers with Windows and had been used to guess administrator passwords for more than 6.000 websites with WordPress, Joomla and DataLife.

Once it infects a computer, it malware connects to the C&C server to get instructions, which usually include a list of targets with thousands of web pages and password dictionaries to help malware try to gain access to administrators' accounts.

Malware is called Fort Disco and seems to be evolving, according to the security company Abuse.ch a service that detects botnet. This time it seems to be banging accounts POP3 and FTPs, says InfoWorld.

The Post Office Protocol, version 3 (POP3) allows email clients to connect to e-mail servers and retrieve messages from existing accounts.

The C&C server in this particular variant of Disco Fort responds with a list of domains accompanied by corresponding MX registrations (mail exchange registrations). The registrations MX specify which servers handle the email service for those domains.

Registration in iGuRu.gr via Email

Enter your email to subscribe to the email notification service for new posts.

The C&C server also provides a list of standard email accounts - usually with information about admin, info and support emails - for malware to try. brute-force to discover the password, as reported by Abuse.ch.


Read them Technology News from all over the world, with the validity of iGuRu.gr

Follow us on Google News iGuRu.gr at Google news