Defend what you create

Other Resources

Close

Library
My library

+ Add to library

Contact us
24/7 Tech support | Rules regarding submitting

Send a message

Your tickets

Profile

Back to news

New Trojan compromises blog sites in Russia and other countries

August 6, 2013

Russian anti-virus company Doctor Web is warning users about the malicious program Trojan.WPCracker.1 designed to compromise blogs and sites managed with popular CMSs such as Wordpress. With the Trojan, attackers can change the content of blogs or infect them with other malware that will threaten future visitors. The upsurge of attacks on websites noted by many security experts can be connected with the spread of Trojan.WPCracker.1.

Once on an infected computer, Trojan.WPCracker.1 copies itself to one of the system folders and modifies the registry branch which is responsible for launching applications automatically at system startup. Then the Trojan connects to a remote server controlled by criminals.

Attackers send a list of blogs and sites administered with popular CMSs, including Wordpress and Joomla, to the Trojan and then the Trojan starts cracking their access passwords. If successful, the Trojan sends the acquired information to the server.

After that, the authors of Trojan.WPCracker.1 sell the access data to a third party (usually, to other criminals).

What is the danger of Trojan.WPCracker.1? Criminals can use it to change the content of the compromised blog or embed malicious code into the site, to infect the systems of visitors. This Trojan may be behind the increase in brute-force attacks on websites—a phenomenon registered by many security experts.

The signature of the threat has been added to the Dr.Web virus database, so it does not pose a serious danger to systems protected by Dr.Web software.

Tell us what you think

You will be awarded one Dr.Webling per comment. To ask Doctor Web’s site administration about a news item, enter @admin at the beginning of your comment. If your question is for the author of one of the comments, put @ before their names.


Other comments

The Russian developer of Dr.Web anti-viruses

Doctor Web has been developing anti-virus software since 1992

Dr.Web is trusted by users around the world in 200+ countries

The company has delivered an anti-virus as a service since 2007

24/7 tech support

© Doctor Web
2003 — 2019

Doctor Web is the Russian developer of Dr.Web anti-virus software. Dr.Web anti-virus software has been developed since 1992.

2-12А, 3rd street Yamskogo polya, Moscow, Russia, 125040