Report: Password thieves now target blogs, CMS sites
Blogs and content management sites appear to be the most attractive targets for password thieves, a tech site reported.
PC World quoted David Britton, vice president of industry solutions at 41st Parameter, as saying such sites tend to be less secure and vulnerable to drive-by malware.
"With these types of interactive sites being compromised, we see more evidence of the developing attack trend that is focusing less on direct financial gain and more on gathering more detailed personal data," Britton told PC World in an email.
Such an approach lets fraudsters build "much more complex social engineering attacks that result in an eventual larger payoff," he added.
With this mindset, attackers are setting their sights on sites based on CMS platforms like WordPress and Joomla.
This is because a vulnerability in one platform can be uniformly exploited to compromise many websites.
"Hackers are always looking to get the most profit for the least work. With these CMS systems, they can do their work once and then hack many, many sites," said Barry Shteiman, a senior security strategist at Imperva.
For his part, ZScaler security research vice president Michael Sutton noted that CMS systems like WordPress are easy to use but attract users who are not too security-minded.
"WordPress is designed to be fairly easy and straightforward to install, so security is an afterthought for many of its users," he said.
Disco Fort
PC World cited a recent brute-force attack dubbed "Disco Fort," which used 25,000 infected Windows machines to target some 6,000 blog sites.
The "Disco Fort" attack plants "backdoor" software on each compromised site so a remote attacker can instruct it to download files and execute other commands.
Making matters easier for them is that many of the targeted systems had passwords like "admin," "123456," "123123," "12345," "pass," "123456789," "1234 150," "abc123" and "123321," it said. — VC, GMA News
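Two defensive checks suggested by the attack described above, as an added example that is not part of the report: flagging a distributed brute-force burst against the WordPress login endpoint in web-server logs, and rejecting the weak passwords the report lists. The log lines are constructed, and the assumptions are a combined-format access log and WordPress's usual behaviour of answering a failed login with 200 (form re-rendered) and a successful one with a 302 redirect.

```python
import re

# Combined-format access log line: ip, timestamp, request line, status (assumed format).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Passwords the report says were found on the targeted sites.
WEAK_PASSWORDS = {"admin", "123456", "123123", "12345", "pass", "123456789", "abc123", "123321"}


def build_sample_log():
    """Constructed sample, not real traffic: 25 bot IPs each POSTing once to
    wp-login.php within one minute (200 = login form re-rendered, i.e. failure)
    plus one normal user whose login succeeds (302 redirect into wp-admin)."""
    lines = [
        f'192.0.2.{i} - - [12/Apr/2013:10:00:{i:02d} +0000] "POST /wp-login.php HTTP/1.1" 200 3421'
        for i in range(1, 26)
    ]
    lines.append('198.51.100.7 - - [12/Apr/2013:10:00:40 +0000] "POST /wp-login.php HTTP/1.1" 302 0')
    lines.append('198.51.100.7 - - [12/Apr/2013:10:01:02 +0000] "GET /wp-admin/ HTTP/1.1" 200 9120')
    return lines


def find_bruteforce_windows(lines, min_ips=10):
    """Group POST /wp-login.php requests per minute and return the minutes in which
    at least min_ips distinct source addresses tried to log in. Many distinct IPs
    in one minute is the signature of a botnet-driven password guess, which a
    per-IP lockout alone would miss."""
    windows = {}
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST" or not m["path"].startswith("/wp-login.php"):
            continue
        minute = m["ts"][:17]  # "12/Apr/2013:10:00"
        w = windows.setdefault(minute, {"ips": set(), "failed": 0, "succeeded": 0})
        w["ips"].add(m["ip"])
        w["failed" if m["status"] == "200" else "succeeded"] += 1
    return {
        minute: {"ips": len(w["ips"]), "failed": w["failed"], "succeeded": w["succeeded"]}
        for minute, w in windows.items()
        if len(w["ips"]) >= min_ips
    }


def is_weak_password(password):
    """Reject the listed passwords, anything under 8 characters, and digit-only strings."""
    return password.lower() in WEAK_PASSWORDS or len(password) < 8 or password.isdigit()
```

A window with many IPs and a success among the failures is the one to investigate first, since it may mark the guess that landed.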