Downloads: Free Remote Support: Click here  Remote Monitoring: Click here

News

<a href="/news/brute-force-malware-now-targeting-email-and-ftp-servers" title="Brute-Force Malware Now Targeting Email and FTP Servers">Brute-Force Malware Now Targeting Email and FTP Servers</a>
Posted on: 03 Oct 2013 

Posted By: Site Admin

Brute-Force Malware Now Targeting Email and FTP Servers

 
 

A dangerous piece of malware, which has been attacking websites using popular content management systems such as WordPress and Joomla, has now evolved and begun to target email and FTP servers.

Known as Fort Disco, the malware was originally discovered back in August and is believed to have infected more than 25,000 Windows systems and used to guess the passwords on over 6,000 WordPress, Joomla and Datalife Engine websites – platforms that are all popular with small and medium-sized businesses.

According to a report by PCWorld, once on a computer, the malware is able to periodically connect to a command-and-control server to receive instructions, which include lists of websites to target along with passwords to try. 

Now it seems that the same malware is brute-forcing POP3 servers that are widely used for email authentication and FTP sites, most notably, of course, Gmail and Outlook (formerly Hotmail).

The Swiss blog Abuse.ch has been forensically analysing Fort Disco and has revealed that the command-and-control (C&C) server being used responds with a list of domain names and their accompanying mail exchanger (MX) records, which are used to specify the servers that are handling the email service for the particular domain.

Abuse.ch also noted that the C&C server supplies a list of standard email accounts for the malware to attempt to brute-force the password.

Another group of researchers over at Shadowserver, a botnet-tracking organisation, told the Swiss researchers that they have seen the malware being used to brute-force FTP credentials with the same methodology.

Take control before the botnets do

It’s clear what the end goal of Fort Disco is – to take control. Whether its webmail, CMS or FTP, the idea is to use brute force to get in and take over your system. Server-side hosts give botnets the chance to control numerous websites at once and carry out DDoS attacks and widespread spamming. The way for you to stop botnets doing this is to take control of your system before they do. You can do this by installing cloud web security.

At ITWiser, we have developed our cloud web security service to prevent malware just like Fort Disco, by employing advanced antivirus protection and a powerful antispyware and antimalware engine that routinely scans for, and blocks, any threat at cloud level.

To take advantage of the peace of mind that cloud web security offers, get in touch with us today by clicking on this link.
 
The Register