Monero-mining botnet targets Windows, Linux web servers
The latest variant of the Sysrv botnet malware is menacing Windows and Linux systems with an expanded list of vulnerabilities to exploit, according to Microsoft.
The strain, which Microsoft's Security Intelligence team calls Sysrv-K, scans the internet for web servers that have security holes, such as path traversal, remote file disclosure, and arbitrary file download bugs, that can be exploited to infect the machines.
"A new behavior observed in Sysrv-K is that it scans for WordPress configuration files and their backups to retrieve database credentials, which it uses to gain control of the web server," the Microsofties wrote in a series of tweets.
"The two modules were in separate files in its early versions, but its developers have since combined the two. The worm module simply initiates port scans against random IPs to find vulnerable Tomcat, WebLogic, and MySQL services and tries to infiltrate the servers with a hard-coded password dictionary attack."
As the botnet evolved, more exploit code was added to enhance its worm capabilities.
The malware starts with a simple script file that deploys modules of exploits against potentially vulnerable targets.
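The WordPress configuration-file scanning described above leaves traces in web server access logs. The following is an added detection example, not code from Microsoft or from the original article: it assumes the common combined log format, and the heuristic (any requested file name containing `wp-config` other than `wp-config.php` itself), the function names and the sample log lines are constructed for illustration rather than taken from the Sysrv-K report.

```python
import re
from collections import defaultdict
from urllib.parse import unquote, urlsplit

# Constructed sample lines (combined log format, documentation-range IPs).
SAMPLE_LOG = """\
203.0.113.7 - - [18/May/2022:10:01:02 +0000] "GET /wp-config.php.bak HTTP/1.1" 404 153 "-" "curl/7.68.0"
203.0.113.7 - - [18/May/2022:10:01:03 +0000] "GET /wp-config.php~ HTTP/1.1" 404 153 "-" "curl/7.68.0"
203.0.113.7 - - [18/May/2022:10:01:04 +0000] "GET /blog/wp-config.php.old HTTP/1.1" 200 3120 "-" "curl/7.68.0"
198.51.100.23 - - [18/May/2022:10:02:00 +0000] "GET /wp-login.php HTTP/1.1" 200 4021 "-" "Mozilla/5.0"
198.51.100.23 - - [18/May/2022:10:02:05 +0000] "GET /wp-config.php HTTP/1.1" 200 0 "-" "Mozilla/5.0"
192.0.2.50 - - [18/May/2022:10:03:00 +0000] "GET /%77p-config.php.save HTTP/1.1" 403 199 "-" "-"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)')

# The live config is executed by PHP and the sample file ships with WordPress,
# so neither is treated as a backup copy here (assumption of this example).
NOT_BACKUPS = {"wp-config.php", "wp-config-sample.php"}

def decoded_path(target):
    """Strip the query string and undo percent-encoding used to dodge naive filters."""
    return unquote(urlsplit(target).path)

def is_config_backup_probe(target):
    """True when the requested file name looks like a copy of wp-config.php."""
    name = decoded_path(target).lower().rsplit("/", 1)[-1]
    return "wp-config" in name and name not in NOT_BACKUPS

def find_probes(log_text):
    """Return {ip: {"probes": [paths], "exposed": [paths served with a body]}}."""
    report = defaultdict(lambda: {"probes": [], "exposed": []})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or not is_config_backup_probe(m["target"]):
            continue
        path = decoded_path(m["target"])
        report[m["ip"]]["probes"].append(path)
        size = 0 if m["size"] == "-" else int(m["size"])
        # A 2xx answer with content means the backup was actually served.
        if m["status"].startswith("2") and size > 0:
            report[m["ip"]]["exposed"].append(path)
    return dict(report)

if __name__ == "__main__":
    for ip, hits in find_probes(SAMPLE_LOG).items():
        print(ip, "probes:", hits["probes"], "exposed:", hits["exposed"])
```

Any path reported under `exposed` should be treated as a leaked set of database credentials: remove the file from the web root and rotate the password.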
News URL
https://go.theregister.com/feed/www.theregister.com/2022/05/18/microsoft-cryptomining-sysrv-k/