"Botnet Blasts WordPress Sites With Configuration Download Attacks"
Researchers at WordFence have found that a million different WordPress sites have received malicious requests designed to shake loose their wp-config.php files over the past month. The researchers believe that these attacks were orchestrated using a botnet, also known as zombie malware because more than 20,000 different IP numbers appeared in the list of computers involved in the attack. Adversaries that can overwrite a user's wp-config.php file can pretty much do anything they want to the user's server because the code in there runs on the server for every request. The adversary can modify the configuration file, and they do not have to wait for the user to restart WordPress or reboot their server, they can visit the user's site. If an adversary gains read access to a user's configuration file, a crook may be able to use the security information to get unauthorized access to the user's WordPress databases.
Naked Security reports: "Botnet Blasts WordPress Sites With Configuration Download Attacks"