WordPress Under Attack


There’s a headline tonight on ArsTechnica, the technology blog:

Huge attack on WordPress sites could spawn never-before-seen super botnet

This site runs on WordPress. So do all the other sites I build. Obviously, a scary headline.

Scary for ArsTechnica too. Their site is also built on WordPress.

This is pretty wicked stuff. It’s called a brute force attack because password after password is sent to the default “admin” account. The attackers are looking for sites protected with commonly used passwords.

Most of my sites don’t use “admin.” I’ll try and harden the rest this weekend. It’s a pretty simple change.

None of my sites use dictionary words for their password. This attack won’t work on me.

ArsTechnica speculates the huge bandwidth available through websites running WordPress could make these compromised machines the most powerful botnet ever seen!

This is like science fiction. Except it’s real.

The Hello How Are You Spam Stops


I just got a blog comment from Richard in the Netherlands.

I have not received any “hello – how are you” spam since 19-09-2010 / 20:28 CET.

That sent me to my spam inbox. The last “hello – how are you” spam was received here Sunday at 2:18 PM EDT (1818 UTC or 2018 CET), ten minutes before Richard’s stopped. Up until that point they had been coming in sporadically, sometimes as often as a few a minute, other times once every 10-15 minutes.

If you’ve been getting these spam emails would you please check and let me know when yours stopped? I doubt it will unlock any secrets, but it would be interesting to see how tightly controlled this army of spammers was.

Meanwhile I don’t know any more than earlier. This whole thing is a puzzle. We may never know.

The New Spam: Hello – How Are You?


Right now my email spam folder has nine emails unlike all the others. Though each claims to be from a different sender they’re all exactly alike. The subject is “hello” and the body is “how are you?” That’s it.

Like most spam, its lineage is questionable. All the addresses are forgeries.

I opened a few to check the routing information. The first originated in Brazil. Another came from India. I suspect each of these spams comes from a different source. More than likely this is a botnet at work.

Someone has gone to a lot of trouble, but why? Seriously–this spam accomplishes nothing. There is no ad nor any payload (like a virus). Because most of the addressing info is forged these spams can’t report back on what they find.

This is a test for sure. But what’s being tested? I have no clue.

These “hello – how are you?” messages are one of two coordinated spam waves I’m currently seeing. The other contains snippets from various news stories run together into a large paragraph of unrelated sentences! Again it’s totally worthless to the spammer with no useful payload though it certainly requires a lot of resources.

Are you getting these too? I’d like to know.

Because so many of you are curious, I’m including the source from one after the jump. The email was sent to a seemingly random, non-existent mailbox at geofffox.com. As with all my email, it is then forwarded to a catch-all box at Gmail.