Attack drags thousands of internet users into password-cracking botnet

Attackers have transformed hundreds of hacked sites running WordPress software into command-and-control servers that force visitors' browsers to perform password-cracking attacks.

A web search for the JavaScript that performs the attack showed it was hosted on 708 sites at the time this post went live on Ars, up from 500 two days ago. Denis Sinegubko, the researcher who spotted the campaign, said at the time that he had seen thousands of visitor computers running the script, which caused them to reach out to thousands of domains in an attempt to guess the passwords of usernames with accounts on them.

Visitors unwittingly recruited

"This is how thousands of visitors across hundreds of infected websites unknowingly and simultaneously try to brute force thousands of other third-party WordPress sites," Sinegubko wrote. "And since the requests come from the browsers of real visitors, you can imagine this is a challenge to filter and block such requests."

Like the hacked websites hosting the malicious JavaScript, all the targeted domains are running the WordPress content management system. The script, just 3 kilobits in size, reaches out to an attacker-controlled getTaskURL, which in turn provides the name of a specific user on a specific WordPress site, along with 100 common passwords. When this data is fed into the browser visiting the hacked site, it attempts to log in to the targeted user account using the candidate passwords. The JavaScript operates in a loop, requesting tasks from the getTaskURL, reporting the results to the completeTaskURL, and then performing the steps again and again.

A snippet of the hosted JavaScript appears below, and below that, the resulting task:

With 418 password batches as of Tuesday, Sinegubko has concluded the attackers are trying 41,800 passwords against each targeted site.

Sinegubko wrote:

Attack stages and lifecycle

The attack consists of five key stages that allow a bad actor to leverage already compromised websites to launch distributed brute force attacks against thousands of other potential victim sites.

Stage 1: Obtain URLs of WordPress sites. The attackers either crawl the Internet themselves or use various search engines and databases to obtain lists of target WordPress sites.
Stage 2: Extract author usernames. Attackers then scan the target sites, extracting real usernames of authors that post on those domains.
Stage 3: Inject malicious scripts. Attackers then inject their dynamic-linx[.]com/chx.js script into websites that they have already compromised.
Stage 4: Brute force credentials. As normal site visitors open infected web pages, the malicious script is loaded. Behind the scenes, the visitors' browsers conduct a distributed brute force attack...
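
A detection sketch for the targeted-site side of this campaign, added here as an example and not taken from the article or from Sinegubko's write-up: because each visitor's browser submits only a small share of the guesses against a username, counting failures per source IP misses the attack, while counting failures per username across sources catches it. The log line format, the thresholds and all function names are assumptions, and the sample data is constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed line format from a hypothetical login-failure hook (not a WordPress default):
#   2024-03-05T10:00:00 login_failed user=editor ip=203.0.113.7
LINE = re.compile(r"^(\S+) login_failed user=(\S+) ip=(\S+)$")

def parse(lines):
    """Yield (time, user, ip) from failed-login lines; malformed lines are skipped."""
    for line in lines:
        m = LINE.match(line.strip())
        if m:
            yield datetime.fromisoformat(m.group(1)), m.group(2), m.group(3)

def per_ip_offenders(lines, limit=5):
    """Classic rate-limiter view: source IPs with more than `limit` failures."""
    counts = defaultdict(int)
    for _, _, ip in parse(lines):
        counts[ip] += 1
    return {ip for ip, n in counts.items() if n > limit}

def distributed_targets(lines, window=timedelta(minutes=10), min_fail=50, min_ips=10):
    """Usernames with >= min_fail failures from >= min_ips sources in one window.
    Returns {user: (peak_failures_in_window, distinct_ips_at_that_peak)}."""
    recent = defaultdict(deque)  # user -> (time, ip) events, oldest first
    flagged = {}
    for ts, user, ip in sorted(parse(lines)):
        q = recent[user]
        q.append((ts, ip))
        while ts - q[0][0] > window:  # drop events older than the window
            q.popleft()
        ips = {i for _, i in q}
        if len(q) >= min_fail and len(ips) >= min_ips:
            flagged[user] = max(flagged.get(user, (0, 0)), (len(q), len(ips)))
    return flagged

def sample_log():
    """Constructed data: 30 sources x 4 guesses at 'editor', one noisy IP, one typo."""
    t0 = datetime(2024, 3, 5, 10, 0, 0)
    out = []
    for n in range(30):  # many browsers, each well under the per-IP limit
        for k in range(4):
            ts = t0 + timedelta(seconds=n * 10 + k)
            out.append(f"{ts.isoformat()} login_failed user=editor ip=203.0.113.{n + 1}")
    for k in range(20):  # single-source guessing, the case a per-IP limiter does catch
        ts = t0 + timedelta(seconds=k)
        out.append(f"{ts.isoformat()} login_failed user=admin ip=198.51.100.9")
    out.append(f"{t0.isoformat()} login_failed user=alice ip=192.0.2.44")
    return out
```

On the sample data the per-IP view reports only the single noisy address, while the per-username view flags `editor`, the account being guessed from 30 different sources.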