Brute-force malware targets email and FTP servers


A piece of malware designed to launch brute-force password guessing attacks against websites built with popular content management systems like WordPress and Joomla has started being used to also attack email and FTP servers.

The malware is known as Fort Disco and was documented in August by researchers from DDoS mitigation vendor Arbor Networks who estimated that it had infected over 25,000 Windows computers and had been used to guess administrator account passwords on over 6,000 WordPress, Joomla and Datalife Engine websites.

Once it infects a computer, the malware periodically connects to a command and control (C&C) server to retrieve instructions, which usually include a list of thousands of websites to target and a password that should be tried to access their administrator accounts.

The Fort Disco malware seems to be evolving, according to a Swiss security researcher who maintains the botnet tracking service. "Going down the rabbit hole, I found a sample of this particular malware that was brute-forcing POP3 instead of WordPress credentials," he said Monday in a blog post.


Retired Webrooter


Re: Brute-force malware targets email and FTP servers


10-01-2013 10:01 AM

We talked about this in August as well.   


I guess it's still Stayin' Alive.

/// JimM ///
/// Former Community Manager - Now Humble Internet Citizen///
/// Also Formerly a Technical Support Escalations Engineer ///


Sr. Community Guide


Re: Brute-force malware targets email and FTP servers


10 hours ago

The following article is an update on brute-force malware


(Brute-force bot busts shonky PoS passwords)


By Darren Pauli, 10 Jul 2014


A botnet has compromised 60 point of sale (PoS) terminals by brute-force password attacks against poorly-secured connections, FireEye researchers say.

The trio including Nart Villeneuve, Joshua Homan and Kyle Wilhoit found 51 of the 60 popped PoS boxes were based in the United States.

The attacks were basic and targeted remote desktop protocol terminals that used shamefully simple passwords such as 'password1', 'administrator' and 'pos'.
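Added example, not part of the thread or of either quoted article: the first post describes bots that each receive a target list and a single password to try, so a target is assumed here to see many source addresses with very few failures each. The sketch contrasts a per-IP failure counter with a per-account count of distinct sources; the log format, thresholds and sample lines are constructed for illustration.

```python
import re
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta

# Constructed line format (no real server's): <ts> <svc> auth-fail user=<u> rip=<ip>
LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<svc>pop3|ftp) auth-fail "
                     r"user=(?P<user>\S+) rip=(?P<ip>\S+)$")

def parse(lines):
    """Yield (timestamp, service, user, source_ip) for each failed-login line."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            yield (datetime.fromisoformat(m["ts"]), m["svc"], m["user"], m["ip"])

def noisy_sources(events, limit=5):
    """Classic per-IP rule: sources with at least `limit` failures."""
    counts = Counter(ip for *_, ip in events)
    return {ip for ip, n in counts.items() if n >= limit}

def sprayed_accounts(events, min_sources=20, window=timedelta(minutes=10)):
    """Accounts failing from >= min_sources distinct IPs inside one window."""
    recent = defaultdict(deque)            # (service, user) -> deque of (ts, ip)
    flagged = set()
    for ts, svc, user, ip in sorted(events):
        q = recent[(svc, user)]
        q.append((ts, ip))
        while q and ts - q[0][0] > window:  # drop failures older than the window
            q.popleft()
        if len({src for _, src in q}) >= min_sources:
            flagged.add((svc, user))
    return flagged

def sample_log():
    """Constructed input: 40 bots with one POP3 guess each, plus one noisy FTP host."""
    start = datetime(2013, 10, 1, 10, 0, 0)
    lines = [
        f"{(start + timedelta(seconds=12 * i)).isoformat()} pop3 auth-fail "
        f"user=admin rip=203.0.113.{i + 1}"
        for i in range(40)
    ]
    lines += [f"{(start + timedelta(seconds=i)).isoformat()} ftp auth-fail "
              f"user=alice rip=198.51.100.9" for i in range(6)]
    return lines

if __name__ == "__main__":
    ev = list(parse(sample_log()))
    print("per-IP:", noisy_sources(ev), "per-account:", sprayed_accounts(ev))
```

On the constructed input the per-IP rule reports only the single noisy FTP host, while the per-account rule reports the POP3 `admin` mailbox that 40 different addresses each tried once.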
