Brute-force malware targets email and FTP servers

Researchers find Fort Disco malware variants launching brute force password guessing attacks against POP3 and FTP servers

A piece of malware designed to launch brute-force password guessing attacks against websites built with popular content management systems like WordPress and Joomla has started being used to also attack email and FTP servers.

The malware is known as Fort Disco and was documented in August by researchers from DDoS mitigation vendor Arbor Networks who estimated that it had infected over 25,000 Windows computers and had been used to guess administrator account passwords on over 6,000 WordPress, Joomla and Datalife Engine websites.

Once it infects a computer, the malware periodically connects to a command and control (C&C) server to retrieve instructions, which usually include a list of thousands of websites to target and a password that should be tried to access their administrator accounts.

The Fort Disco malware seems to be evolving, according to a Swiss security researcher who maintains the Abuse.ch botnet tracking service. "Going down the rabbit hole, I found a sample of this particular malware that was brute-forcing POP3 instead of WordPress credentials," he said Monday in a blog post.

The Post Office Protocol version 3 (POP3) allows email clients to connect to email servers and retrieve messages from existing accounts.

The C&C server for this particular Fort Disco variant responds with a list of domain names accompanied by their corresponding MX records (mail exchanger records). The MX records specify which servers are handling email service for those particular domains.

The C&C server also supplies a list of standard email accounts -- usually admin, info and support -- for which the malware should try to brute force the password, the Abuse.ch maintainer said.

"While speaking with the guys over at Shadowserver [an organization that tracks botnets], they reported that they have seen this malware family bruteforcing FTP credentials using the same methodology," he said.

Brute-force password guessing attacks against websites using WordPress and other popular CMSes are relatively common, but they are usually performed using malicious Python or Perl scripts hosted on rogue servers, the researcher said. With this malware, cybercriminals created a way to distribute their attacks across a large number of machines and also attack POP3 and FTP servers, he said.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection

Tags securitymalwareintrusionarbor networksAccess control and authentication

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Lucian Constantin

IDG News Service
Show Comments

Cool Tech

SanDisk MicroSDXC™ for Nintendo® Switch™

Learn more >

Breitling Superocean Heritage Chronographe 44

Learn more >

Toys for Boys

Family Friendly

Panasonic 4K UHD Blu-Ray Player and Full HD Recorder with Netflix - UBT1GL-K

Learn more >

Stocking Stuffer

Razer DeathAdder Expert Ergonomic Gaming Mouse

Learn more >

Christmas Gift Guide

Click for more ›

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?