
New Trojan compromises blogs

The Trojan allows attackers to alter the content of blogs or infect them with other malware, says Dr Web.

By Kirsten Doyle, ITWeb contributor.
Johannesburg, 12 Aug 2013

A Trojan designed to compromise blogs and sites managed with popular content management systems, such as WordPress and Joomla, has been uncovered by Dr Web, a Russian anti-virus company.

The Trojan allows attackers to alter the content of blogs or infect them with other malware that will endanger the blog's readers.

According to Dr Web, once it has infected the machine, Trojan.WPCracker.1 copies itself to one of the system folders and modifies the registry branch that launches applications automatically at system start-up. It then connects to a malicious command and control server.

The cyber criminals then send the Trojan a list of blogs and sites that use popular content management systems, and it begins cracking their access passwords.

Any access information stolen is sent to the server by the Trojan and monetised by being sold to a third party.

Dr Web says the Trojan is dangerous because, over and above allowing cyber crooks to alter blogs and inject them with malicious code, it might be behind a recent increase in brute-force attacks on Web sites.

Common Trojans

* Zeus is notorious for stealing banking information by man-in-the-browser keystroke logging and form grabbing. It is spread mainly through drive-by downloads and phishing schemes.
* NetBus or Netbus is a software program for remotely controlling an MS Windows computer system over a network. It was created in 1998 and has been controversial for its potential to be used as a backdoor.
* Back Orifice (often shortened to BO) was designed for remote system administration. It enables a user to control a computer running the Microsoft Windows operating system from a remote location.
* Beast is a Windows-based backdoor Trojan, more commonly known as a remote administration tool or RAT. Beast was one of the first Trojans to feature a reverse connection to its victims, and once established, it gave the attacker complete control over the infected computer.
* ZeroAccess, also known as max++ and Sirefef, is a Trojan that affects MS Windows operating systems. It is used to download other malware on an infected machine and to form a botnet mostly involved in Bitcoin mining and click fraud.
