A few days ago, we posted a list of domains hosting webshells for
related attacks. We identified more than 420 different URLs hosting those backdoors.
What is interesting is that during the same period, we identified almost 1,000 ip addresses scanning
sites for vulnerable thimthumb scripts on WordPress themes and plugins. Those are all the ips and the number
of hits we detected:
And we will keep monitoring them.