WordPress TimThumb Botnets Spreads Status – second edition

Since the discovery of the WordPress TimThumb vulnerability in August 2011 by Mark Maunder, the vulnerability has been used as a botnet recruitment vector, and its use has now spread to multiple botnets. Hundreds of WordPress blogs have been hacked, allowing potential infection of the blogs' visitors, distribution of spam and phishing campaigns, DDoS, hacking of other web sites (such as …

SUC029 : WordPress TimThumb RFI Web Scanner/Robot

Use Case Reference : SUC029
Use Case Title : WordPress TimThumb RFI Web Scanner/Robot
Use Case Detection : IDS / HTTP logs
Attacker Class : Opportunists
Attack Sophistication : Unsophisticated
Identified tool(s) : ByroeNet scanners variant
Source IP(s) : Random
Source Countries : Random
Source Port(s) : Random
Destination Port(s) : 80/TCP, 443/TCP
Possible(s) correlation(s) : Related …

WordPress TimThumb Botnets Spreads Status – first edition

Since the discovery of the WordPress TimThumb vulnerability in August 2011 by Mark Maunder, the vulnerability has been used as a botnet recruitment vector, and its use has now spread to multiple botnets. Hundreds of WordPress blogs have been hacked, allowing potential infection of the blogs' visitors, distribution of spam and phishing campaigns, DDoS, hacking of other web sites (such as …

WordPress TimThumb Botnet Visualization and Status

In a previous blog post I demonstrated that the WordPress TimThumb RFI vulnerability is used as a botnet recruitment vector. One month has passed since that blog post, and our HoneyNet has been gathering events about this botnet for two and a half months. So far we have seen 30 different domains, related to 37 different IP addresses used …