Security News > 2020 > June > DarkCrewFriends Returns with Botnet Strategy
Researchers said they observed DarkCrewFriends exploiting an unrestricted file upload vulnerability to compromise PHP servers that run websites.
"Many applications allow users to upload certain files to their servers, such as images or documents," explained the researchers on Thursday in a blog post.
"These files can put the system at risk if they are not properly handled. A remote attacker can send a specially crafted request to a vulnerable server and upload an unrestricted file while bypassing the server's file extension check. This can eventually result in arbitrary code execution on the affected system."
"When we downloaded both .AFF files, we saw that those files were actually PHP and Perl files," the researchers explained.
These files are both variants of the main malware module, which has a wide range of capabilities, including the ability to execute shell commands; gather information on running services on the host computer; download or upload FTP files; scan open ports; and conduct multiple types of DDoS attacks.
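A server-side check for the upload weakness described above, as an added example that is not from the researchers' report or the original article: it judges an upload by its bytes rather than by its client-supplied name, so a file with an innocuous extension that is really PHP or Perl is refused. The allowlist, marker patterns and sample uploads are constructed assumptions.

```python
import re

# Constructed heuristics (assumptions, not indicators from the report):
# byte patterns that mark content as server-side script.
SCRIPT_MARKERS = {
    "php": re.compile(rb"<\?(php|=)", re.IGNORECASE),   # PHP open / echo tag
    "perl": re.compile(rb"\A#![^\n]*\bperl\b"),         # Perl shebang line
}

# Hypothetical application allowlist: extension -> leading magic bytes.
ALLOWED_MAGIC = {
    ".png": b"\x89PNG\r\n\x1a\n",
    ".jpg": b"\xff\xd8\xff",
    ".gif": b"GIF8",
    ".pdf": b"%PDF-",
}

def classify_upload(filename, data):
    """Return (verdict, reason); the verdict never rests on the name alone."""
    # 1. Script content is refused whatever the file is called.
    for lang, pattern in SCRIPT_MARKERS.items():
        if pattern.search(data):
            return "reject", f"{lang} code found in content"
    # 2. The extension must be on the allowlist.
    name = filename.lower()
    dot = name.rfind(".")
    ext = name[dot:] if dot != -1 else ""
    magic = ALLOWED_MAGIC.get(ext)
    if magic is None:
        return "reject", f"extension {ext or '(none)'} not on allowlist"
    # 3. The bytes must start with the signature that extension implies.
    if not data.startswith(magic):
        return "reject", f"content does not match {ext} signature"
    return "accept", "extension and signature agree"

# Constructed sample uploads (harmless placeholder content).
SAMPLES = [
    ("logo.png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 16),
    ("sample1.aff", b"<?php echo 'constructed'; ?>"),
    ("sample2.aff", b"#!/usr/bin/perl\nprint 1;\n"),
    ("photo.jpg", b"plain text, not a JPEG"),
    ("avatar.png", b"\x89PNG\r\n\x1a\n<?php echo 'constructed'; ?>"),
]

if __name__ == "__main__":
    for fname, blob in SAMPLES:
        print(fname, *classify_upload(fname, blob))
```

Content checks of this kind complement, rather than replace, storing uploads outside the web root under server-generated names so that nothing uploaded is ever handed to the PHP or Perl interpreter.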
News URL
https://threatpost.com/darkcrewfriends-returns-botnet/156963/