A botnet called KashmirBlack has been infecting thousands of websites running on content management systems such as WordPress, Joomla, and Drupal. The botnet uses Dropbox and GitHub to avoid detection and is focused on spamming and defacing hundreds of thousands of websites. Security firm Imperva was the first to report the campaign, which has been widely targeting CMS platforms that are not up to date.
KashmirBlack utilizes a modular infrastructure with features including load balancing communications with command and control servers. The KashmirBlack botnet has only been observed infecting CMS platforms and exploits dozens of publicly disclosed vulnerabilities existing on targeted servers. According to a report published by Imperva, the Botnet performs millions of attacks per day.