The Brute-Force Login Attack on WordPress and Joomla run since a few weeks:
We have currently listen 16582 IP-Address on the bruteforcelogin-List
In the last Days, the Attackers use in the most Requests (think over 90%) the UserAgent „Firefox/19.0“:
220.127.116.11 - - [06/Jun/2013:17:51:46 +0200] "POST wp-login.php HTTP/1.0" 200 4555 "http://referer-domain.tld/" "Mozilla/5.0 (Windows NT 6.1; rv:19.0) Gecko/20100101 Firefox/19.0"
We have found on one Site a little bit Malware-Code, but there was not complete. If you received a Report from us and found the Malware-Script, please send them to us.