Internet professionals using Wordpress have been under attack for the last few weeks but only now is it being widely reported.
Numerous security experts have issued warnings recently about the botnet, a brute-force password-guessing attack against sites that are powered by the popular blogging and content management system and the providers that host those sites.
What makes the broader attack so malicious is that infected sites are seeded with backdoors that let the attackers control the site remotely. The compromised sites are then forced to launch password-guessing attacks against other sites running Wordpress. Scary.
According to Web site security firm Incapsula, those behind the attack are scanning the Web for WordPress installations, and attempting to log in to the administrative console at these sites using a list of commonly-used username and password combinations.
Web hosting provider HostGator last week suggested that the problem has grown to include more than 90,000 compromised sites.
Cloudflare CEO Matthew Prince last week said in a blog post that the tactics employed in this attack were similar to those used in the so-called itsoknoproblembro/Brobot botnet which, in the Fall of 2012, was responsible for a series of cyber attacks against US financial institutions.
If you're a Wordpress user, make sure to change administrative passwords immediately and make sure those password meet the security requirements set forth on the Wordpress site (upper and lowercase letter, at least eight characters long, and includeing special characters.