Express Computer

Home  »  News  »  Indonesia-based botnet KashmirBlack hits popular CMS platforms

Indonesia-based botnet KashmirBlack hits popular CMS platforms

NewsSecurity
By IANS
0 175

Cyber security researchers have unearthed a massive botnet network called KashmirBlack, being run from Indonesia, that has attacked websites running popular content management systems (CMSs) like WordPress, Drupal and Joomla!, among others.

The highly-sophisticated botnet is believed to have infected hundreds of thousands of websites by attacking their underlying CMS platforms, according to US-based cyber security form Imperva.

The botnet’s primary purpose appears to infect websites, and then use their servers for cryptocurrency mining.

Based in Indonesia, the hackers have a command-and-control (C&C) infrastructure to operate KashmirBlack.

According to researchers, the botnet is the work of a hacker named “Exect1337”, a member of the Indonesian hacker crew PhantomGhost.

The C&C server is a centralised machine able to send commands and receive telemetries from machines that are part of a botnet.

“The KashmirBlack C&C has three main roles: Supply a Perl script that infects the victim server with the botnet malicious script, receive reports of findings and attack results from bots and supply bots with attack instructions,” said Imperva in a two-part series.

“By analysing the attack instructions received by our dummy ‘spreading bot’, we discovered that most of the attack’s target victim sites were located in the US,” the researchers noted.

The KashmirBlack C&C has a scanner that searches for sites running CMS platforms, creates an attack instruction with the newly- found sites, and pushes it into a queue waiting for bots to receive them and attack.

The team found more than 20 distinct exploits.

Some exploits attacked the CMS itself, while others attacked some of their inner components and libraries, reports ZDNet.

“During our research we witnessed its evolution from a medium-volume botnet with basic abilities to a massive infrastructure that is here to stay,” said Imperva researchers.

The team advised several actions that should be performed in case your server is infected by the KashmirBlack botnet.

“Kill malicious processes, remove malicious files, remove suspicious and unfamiliar jobs and remove unused plugins and themes”.

The site administrator should ensure the CMS core files and third-party modules are always up-to-date and properly configured.

“Strong and unique passwords are recommended, as they are the first defence against brute force attacks,” Imperva said.

–IANS

Get real time updates directly on you device, subscribe now.

IANS
You might also like More from author
Leave A Reply

Your email address will not be published.

LIVE Webinar

Digitize your HR practice with extensions to success factors

Join us for a virtual meeting on how organizations can use these extensions to not just provide a better experience to its’ employees, but also to significantly improve the efficiency of the HR processes
REGISTER NOW 
Powered by Convert Plus
India's Leading e-Governance Summit is here!!! Attend and Know more.
Register Now!
close-image
Attend Webinar & Enhance Your Organisation's Digital Experience.
Register Now
close-image
Enable A Truly Seamless & Secure Workplace.
Register Now
close-image
Attend Inida's Largest BFSI Technology Conclave!
Register Now
close-image
Know how to protect your company in digital era.
Register Now
close-image
Protect Your Critical Assets From Well-Organized Hackers
Register Now
close-image
Find Solutions to Maintain Productivity
Register Now
close-image
Live Webinar : Improve customer experience with Voice Bots
Register Now
close-image
Live Event: Technology Day- Kerala, E- Governance Champions Awards
Register Now
close-image
Virtual Conference : Learn to Automate complex Business Processes
Register Now
close-image