Fort Disco

By GoldSparrow in Malware

Threat Scorecard

Ranking: 11,359
Threat Level: 20 % (Normal)
Infected Computers: 749
First Seen: August 16, 2013
Last Seen: September 8, 2023
OS(es) Affected: Windows

Fort Disco is a dangerous botnet that has been associated with a wave of attacks on blogs and websites that use popular content management systems such as WordPress. Fort Disco attacks have infected more than 25,000 targets, mainly blogs and websites with poor security protection or badly implemented content management systems. PC security analysts first reported Fort Disco attacks in August of 2013, although the attacks had been going on for some time, at least since May of 2013. Analysts were able to uncover and start tracking Fort Disco attacks because Command and Control servers associated with this botnet were exposed. A botnet is a vast network of infected computers that criminals control in order to carry out coordinated attacks.

The First Step of Fort Disco is to Steal Your Login Data

Fort Disco attacks are designed to infect computers running Windows. Once Fort Disco malware is installed on the victim's computer, it connects to a Command and Control server and retrieves a list of commonly used user names and passwords. These include common default passwords such as '123456', 'qwerty', or 'admin', all considered extremely unsafe. The purpose of Fort Disco attacks is to steal login data. Security researchers suspect that the Fort Disco attacks are a prelude to more extensive malware attacks that may be carried out in the future. Fort Disco attacks will typically leave one of two different malware components on the victim's computer. The first is a browser hijacker that can take over the victim's Web browser and force it to visit an attack Web page containing the Styx Exploit Kit. The second is a WordPress plug-in that is used to import posts automatically from a blog on Tumblr.
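A site owner's view of the credential list described above, as an added example that is not part of the original write-up: when a botnet tries such a list against a login form, each infected machine may stay under a per-IP lockout limit while the total number of failures is high. The sketch assumes combined-format access logs, the default WordPress login path /wp-login.php, and illustrative thresholds; the log lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime

LOGIN_PATH = "/wp-login.php"  # assumption: default WordPress login endpoint
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')

def sample_lines():
    """Constructed traffic (not real logs): 5 sources x 2 failed logins, one real user."""
    lines = []
    for i in range(10):
        ip = f"198.51.100.{i % 5 + 1}"
        lines.append(f'{ip} - - [16/Aug/2013:10:0{i}:00 +0000] '
                     f'"POST {LOGIN_PATH} HTTP/1.1" 200 3120')
    lines.append('203.0.113.9 - - [16/Aug/2013:10:03:10 +0000] '
                 '"POST /wp-login.php HTTP/1.1" 302 0')
    lines.append('203.0.113.9 - - [16/Aug/2013:10:03:11 +0000] '
                 '"GET /wp-admin/ HTTP/1.1" 200 5120')
    return lines

def failed_logins(lines):
    """Yield (ip, time) for login POSTs answered with 200.
    WordPress re-renders the form (200) on a bad password and redirects (302) on success."""
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        ip, ts, method, path, status = m.groups()
        if method == "POST" and path.split("?")[0] == LOGIN_PATH and status == "200":
            yield ip, datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")

def distributed_guessing(lines, window_s=600, per_ip_limit=5, min_sources=4, min_failures=8):
    """Flag time windows where many sources fail logins while each one stays
    below the per-IP lockout limit (thresholds are illustrative assumptions)."""
    buckets = defaultdict(lambda: defaultdict(int))
    for ip, ts in failed_logins(lines):
        buckets[int(ts.timestamp()) // window_s][ip] += 1
    alerts = []
    for bucket, per_ip in sorted(buckets.items()):
        quiet = {ip: n for ip, n in per_ip.items() if n < per_ip_limit}
        if len(quiet) >= min_sources and sum(quiet.values()) >= min_failures:
            alerts.append({"window_start": bucket * window_s, "sources": len(quiet),
                           "failures": sum(quiet.values()),
                           "max_per_ip": max(quiet.values())})
    return alerts

if __name__ == "__main__":
    for alert in distributed_guessing(sample_lines()):
        print(alert)
```

A single noisy source is deliberately not reported here, since an ordinary per-IP lockout already covers it; this check targets the case that lockout misses.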

Possible Implications of Fort Disco Attacks

Malware attacks that target Web servers, blogs and websites are particularly alarming because they have the potential to cause even more extensive damage. Because Fort Disco has these types of targets, another stage of the attack, in which criminals infect a larger number of targets, is more likely. By compromising a website, criminals can insert malicious scripts, advertisements and links that redirect visitors to attack websites and other malicious content, exponentially increasing the number of victims.


Fort Disco may call the following URLs:

