A botnet of over 20,000 WordPress sites is attacking other WordPress sites

[silversurfer]

Botnet is still up and running but law enforcement has been notified.

Crooks controlling a network of over 20,000 already-infected WordPress installations are using these sites to launch attacks on other WordPress sites, ZDNet has learned from WordPress security firm Defiant.

The company, which manages and publishes the Wordfence plugin, a firewall system for WordPress sites, says it detected over five million login attempts in the last month from already-infected sites against other, clean WordPress portals.

The attacks are what security experts call "dictionary attacks." These are repeated login attempts during which hackers test a series of username and password combinations, hoping to score a hit and gain access to an account.

Defiant security researcher Mikey Veenstra says the company has managed to gain an insight into how this botnet operates. In a report published a few minutes ago and shared with ZDNet, the researcher said Defiant investigators discovered that at the top of this botnet stands hydra-like head of four command and control servers that instruct already-infected sites on which other sites to attack.

Source: https://www.zdnet.com/article/a-botnet-o...ess-sites/