Monero-mining botnet targets Windows, Linux web servers

The latest variant of the Sysrv botnet malware is menacing Windows and Linux systems with an expanded list of vulnerabilities to exploit, according to Microsoft.
The strain, which Microsoft's Security Intelligence team calls Sysrv-K, scans the internet for web servers that have security holes, such as path traversal, remote file disclosure, and arbitrary file download bugs, that can be exploited to infect the machines.
"A new behavior observed in Sysrv-K is that it scans for WordPress configuration files and their backups to retrieve database credentials, which it uses to gain control of the web server," the Microsofties wrote in a series of tweets.
"The two modules were in separate files in its early versions, but its developers have since combined the two. The worm module simply initiates port scans against random IPs to find vulnerable Tomcat, WebLogic, and MySQL services and tries to infiltrate the servers with a hard-coded password dictionary attack."
As the botnet evolved, more exploit code was added to enhance its worm capabilities.
The malware starts with a simple script file that deploys modules of exploits against potentially vulnerable targets.
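For defenders, the WordPress configuration-backup scanning described above can be spotted in web server access logs. The following is an added example, not code from Microsoft or the original article: it flags requests for backup or editor copies of `wp-config.php` and separates the ones the server actually served. The log lines, IP addresses, function names and the "anything named like wp-config that is not a file WordPress ships" rule are assumptions made for illustration.

```python
import posixpath
import re
from collections import defaultdict
from urllib.parse import unquote, urlsplit

# Constructed sample lines in combined log format (documentation-range IPs).
SAMPLE_LOG = """\
203.0.113.7 - - [18/May/2022:10:01:02 +0000] "GET /wp-config.php.bak HTTP/1.1" 404 153 "-" "-"
203.0.113.7 - - [18/May/2022:10:01:03 +0000] "GET /blog/wp-config.php~ HTTP/1.1" 200 3120 "-" "-"
203.0.113.7 - - [18/May/2022:10:01:03 +0000] "GET /.wp-config.php.swp HTTP/1.1" 404 153 "-" "-"
198.51.100.4 - - [18/May/2022:10:02:00 +0000] "GET /wp-config.php HTTP/1.1" 200 0 "-" "-"
198.51.100.9 - - [18/May/2022:10:03:00 +0000] "GET /index.php?p=1 HTTP/1.1" 200 5120 "-" "-"
192.0.2.55 - - [18/May/2022:10:04:00 +0000] "GET /old/wp-config.old HTTP/1.1" 403 199 "-" "-"
"""

# client IP, request target, status code, response size
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3}) (\d+|-)')

# Files WordPress ships and runs through PHP. Any other file named like
# wp-config is treated as a backup or editor copy (assumption of this example).
LEGITIMATE = {"wp-config.php", "wp-config-sample.php"}


def is_backup_probe(target):
    """True if the requested file looks like a copy of wp-config.php."""
    # Split off the query string first, then percent-decode the path.
    name = posixpath.basename(unquote(urlsplit(target).path)).lower()
    return "wp-config" in name and name not in LEGITIMATE


def find_backup_probes(log_text):
    """Map client IP -> list of (target, status, size) for probe requests."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m and is_backup_probe(m.group(2)):
            ip, target, status, size = m.groups()
            hits[ip].append((target, int(status), 0 if size == "-" else int(size)))
    return dict(hits)


def exposed_copies(hits):
    """Probes answered with 200 and a body: the file content left the server."""
    return sorted((ip, target) for ip, reqs in hits.items()
                  for target, status, size in reqs if status == 200 and size > 0)


if __name__ == "__main__":
    probes = find_backup_probes(SAMPLE_LOG)
    print(probes)
    print(exposed_copies(probes))
```

Any entry returned by `exposed_copies` means a configuration copy was served as plain text, so the database credentials in it should be rotated and the file removed from the web root.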
News URL
https://go.theregister.com/feed/www.theregister.com/2022/05/18/microsoft-cryptomining-sysrv-k/