Skip Ribbon Commands
Skip to main content
Computer Emergency Response Team of Mauritius (CERT-MU)
Computer Emergency Response Team of Mauritius>WordPress hit with Torrent attacks and malicious JavaScript

WordPress hit with Torrent attacks and malicious JavaScript


Researchers spotted a backdoor Trojan that uses torrents as a delivery medium and uses distributed brute force attacks to exploit weak WordPress administrator accounts as well as an infection that injects malicious code into .js files.  Dubbed as “Sathurbot”, the Trojan is disguised in a software torrent containing an apparent installer executable and a small text file which both have the objective of enticing the victim to run the executable which loads the Sathurbot DLL. The Trojan can update itself as well as download and start other executables and comes with some 5,000 puls generic word that are randomly combines to form a 2-4 word phrase combination used as a query string via the Google, Bing and Yandex search engines. The researchers also spotted a WordPress infection which injects JavaScript code into almost every .js file it can find.
Source:
SC Magazine
 
WeliveSecurity
  
Contact Information
Postal address
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street
Port Louis