Wordpress blogs suffer a large scale brute force attack

A big number of Wordpress blogs are suffering a large-scale brute force attack. Bots are trying to log into administrative panel of each Wordpress blog, using the username “admin” and trying thousands of passwords.

Experts state that such attacks have been discovered long ago but the peak of malicious activity was recorded in April. Scammers carry up to 77 thousand attempts daily to log into the Wordpress admin panels. The attackers use ten thousands of unique IP-addresses. The most common variants of passwords used by hackers are: admin, 123456, 666666, 111111 and 12345678.

Currently the fraudsters use a relatively weak botnet consisting of PCs in order to create a large botnet of servers, which will allow to conduct powerful DDoS-attacks. The same tactics was used in autumn 2012 when administrators of the botnet itsoknoproblembro / Brobot attacked the U.S. financial companies.