
Application Security News for August
German Man Behind IRC-Controlled WordPress Botnet
A German man is most likely behind a series of compromised WordPress websites that are linked together into a botnet and controlled with the help of a hidden IRC channel.
It's currently unknown how these sites are being compromised. According to WordFence, a vendor of security products for WordPress, the hacker works by adding a PHP file with 25,000 lines of code to all websites he manages to gain access.
This file is a bot client which connects to an IRC (Internet Relay Chat) server and listens to instructions posted in the main chat. Whenever the botnet's owner logs in and gives out a command, all infected websites execute it.
While WordFence has not elaborated on the bot client's technical capabilities, such botnets can be used to launch DDoS attacks, brute-force attacks, insert SEO spam on the compromised websites, or send spam email from the underlying compromised servers.
...
Webmasters that noticed their hacked websites often asked for help in cracking this password, but to no avail. A Google search reveals requests as early as December 2012, meaning the crook's botnet has been around for almost four years.
LinkedIn sues anonymous data scrapers
LinkedIn’s case accuses the anonymous scrapers of building a massive botnet and circumventing the restrictions LinkedIn uses to prevent profile collection by undesirable third parties.
The lawsuit details several of LinkedIn’s automated tools that prevent data harvesting. Dubbed FUSE, Quicksand and Sentinel, these tools monitor the web traffic of LinkedIn users and limit how many other profiles a user can view, and how quickly a user can view those profiles. This tracking is intended to prevent scrapers from signing up for fake LinkedIn profiles and then vacuuming up vast amounts of data. The company also uses a tool called Org Block to block IP addresses it suspects of scraping and uses Member and Guest Request Scoring to track page requests.
But paradoxically, LinkedIn doesn’t want to prohibit scraping altogether. Search engines like Google use bots to index websites and turn up relevant results — and LinkedIn wants to allow this type of scraping to occur.
...
Similar CFAA lawsuits, like Craigslist’s against 3Taps and Facebook’s against Power Ventures, have been favorable to the plaintiffs, so LinkedIn has a good shot at shutting down its scrapers. Twitch filed a comparable CFAA lawsuit against view-bots earlier this summer, in which the live stream site alleged that using bots to inflate a channel’s view count amounts to an unauthorized access of Twitch’s ‘protected computers.’ However, Twitch’s complaint also claims a number of other violations, including trademark infringement.
Clearly, companies are interested in stamping out certain kinds of bots. But other scraping, like that done by search engines and web archiving services like the Wayback Machine, is welcomed. That dichotomy could create an anti-competitive business atmosphere, the Electronic Frontier Foundation argues.
From DarkReading: Hacking Lunch


Securing your web application need not be difficult. The Barracuda Web Application Firewall exists to secure your web applications easily and provide you with peace of mind. Once you deploy the Barracuda Web Application Firewall in front of your web application, it is trivially easy to set up an HTTPS front end and enable complete application security. The Barracuda Web Application Firewall provides complete security against all web attacks, including application DDoS and Web Scraping. We offer several deployment options, including physical and virtual appliances, and Azure, AWS, and vCloud Air. Try it in your environment for 30 days, risk-free.

Tushar Richabadas is a Product Manager for the Barracuda Web Application Firewall team in our India office. You can connect with him on LinkedIn here.