Novel GoTrim botnet targets WordPress sites

BleepingComputer reports that an ongoing campaign is targeting WordPress websites with the new GoTrim botnet malware, which brute-forces administrator passwords to facilitate site takeovers and further attacks. GoTrim's botnet network is fed a list of target websites, and the malware connects to each one and attempts to brute-force its admin accounts using credentials that are also supplied to the botnet network, according to a Fortinet report. After successfully compromising an admin account, GoTrim uses PHP scripts to retrieve the bot client and then establishes a connection with the command-and-control server. The encrypted commands sent to GoTrim include ones for validating credentials against WordPress, Joomla!, Data Life Engine, and OpenCart domains, for identifying whether one of these platforms is installed on a domain, and for terminating the malware. The report also showed that GoTrim has been evading detection by targeting self-hosted sites rather than those hosted on WordPress.com, and by spoofing requests from Firefox on 64-bit Windows.
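For site operators, a log check that does not rely on the User-Agent or on a single source address, added here as an example and not taken from Fortinet, BleepingComputer or SC Media: it counts failed `wp-login.php` POSTs across all clients in a time window and flags a successful login that follows such a burst. Assumptions: combined access-log format, default WordPress responses (failed login re-renders the form with 200, success redirects with 302), and illustrative thresholds; the sample lines are constructed.

```python
import re
from collections import deque
from datetime import datetime, timedelta

LINE_RE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                     r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) ')

def detect(lines, window=timedelta(minutes=5), threshold=5):
    """Return alerts for wp-login.php failure bursts counted across all clients."""
    failures, alerts = deque(), []   # failures holds (timestamp, ip) inside the window
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue                                # GET only displays the login form
        if not m["path"].split("?")[0].endswith("/wp-login.php"):
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        while failures and ts - failures[0][0] > window:
            failures.popleft()                      # drop failures older than the window
        status = int(m["status"])
        if status == 200:                           # assumed: form re-rendered = failed login
            failures.append((ts, m["ip"]))
            if len(failures) == threshold:          # alert once when the burst is reached
                alerts.append(("burst", m["ip"], len({ip for _, ip in failures})))
        elif status == 302 and len(failures) >= threshold:
            # assumed: redirect = successful login, here right after a failure burst
            alerts.append(("login_after_burst", m["ip"], len(failures)))
    return alerts

# Constructed sample: documentation IP ranges and a made-up Firefox/Win64 User-Agent.
UA = "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Firefox/102.0"

def sample_line(ip, sec, method, path, status):
    return (f'{ip} - - [14/Dec/2022:10:00:{sec:02d} +0000] '
            f'"{method} {path} HTTP/1.1" {status} 512 "-" "{UA}"')

SAMPLE = [sample_line(f"198.51.100.{n}", n, "POST", "/wp-login.php", 200)
          for n in range(1, 7)]
SAMPLE.insert(2, sample_line("203.0.113.9", 2, "GET", "/wp-login.php", 200))
SAMPLE.append(sample_line("198.51.100.50", 40, "POST", "/wp-login.php", 302))

if __name__ == "__main__":
    for alert in detect(SAMPLE):
        print(alert)
```

A `login_after_burst` alert is the one to act on first: reset that account's password, invalidate its sessions, and review recently added or modified PHP files.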
