
Monero-mining botnet targets Windows, Linux web servers
2022-05-18 07:27

The latest variant of the Sysrv botnet malware is menacing Windows and Linux systems with an expanded list of vulnerabilities to exploit, according to Microsoft.

The strain, which Microsoft's Security Intelligence team calls Sysrv-K, scans the internet for web servers that have security holes, such as path traversal, remote file disclosure, and arbitrary file download bugs, that can be exploited to infect the machines.

"A new behavior observed in Sysrv-K is that it scans for WordPress configuration files and their backups to retrieve database credentials, which it uses to gain control of the web server," the Microsofties wrote in a series of tweets.

"The two modules were in separate files in its early versions, but its developers have since combined the two. The worm module simply initiates port scans against random IPs to find vulnerable Tomcat, WebLogic, and MySQL services and tries to infiltrate the servers with a hard-coded password dictionary attack."

As the botnet evolved, more exploit code was added to enhance its worm capabilities.

The malware starts with a simple script file that deploys modules of exploits against potentially vulnerable targets.
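
Web server access logs can be checked for the WordPress configuration-file scanning described above. The following Python is an added example, not code from Microsoft or the original article. The log lines, IP addresses and the `dl.php` download script are constructed, and matching any file name that contains `wp-config` is an assumption, since the article does not list the names Sysrv-K requests.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Common/combined access-log prefix: client, timestamp, request line, status, bytes.
LINE = re.compile(r'(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3}) (\d+|-)')
# Assumption: any file-name token containing "wp-config", in the path or a query value.
NAME = re.compile(r'[\w.~-]*wp-config[\w.~-]*', re.I)
BENIGN = {"wp-config-sample.php"}  # ships with WordPress, holds no credentials

def classify(line):
    """Return (client, file name, body_served) for a wp-config request, else None."""
    m = LINE.match(line)
    if not m:
        return None
    client, target, status, size = m.groups()
    hit = NAME.search(unquote(target))  # decode %2F etc. before matching
    if not hit or hit.group().lower() in BENIGN:
        return None
    # An executed wp-config.php answers with an empty body; a non-empty 200/206
    # means the file's text, including the database credentials, was sent out.
    served = status in ("200", "206") and size not in ("-", "0")
    return client, hit.group().lower(), served

def summarize(lines):
    """Per client: count of wp-config probes and the names whose content was served."""
    report = defaultdict(lambda: {"probes": 0, "served": set()})
    for line in lines:
        result = classify(line)
        if result:
            client, name, served = result
            report[client]["probes"] += 1
            if served:
                report[client]["served"].add(name)
    return dict(report)

# Constructed sample log lines (documentation IP ranges, hypothetical paths).
SAMPLE_LOG = [
    '203.0.113.7 - - [18/May/2022:07:01:02 +0000] "GET /wp-config.php.bak HTTP/1.1" 404 196',
    '203.0.113.7 - - [18/May/2022:07:01:03 +0000] "GET /wp-config.php~ HTTP/1.1" 404 196',
    '203.0.113.7 - - [18/May/2022:07:01:04 +0000] "GET /blog/wp-config.old HTTP/1.1" 200 3120',
    '198.51.100.4 - - [18/May/2022:07:05:00 +0000] "GET /dl.php?file=..%2Fwp-config.php HTTP/1.1" 200 2987',
    '192.0.2.10 - - [18/May/2022:07:06:00 +0000] "GET /wp-config-sample.php HTTP/1.1" 200 0',
    '192.0.2.10 - - [18/May/2022:07:06:09 +0000] "GET /index.php HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    for client, info in summarize(SAMPLE_LOG).items():
        print(client, info["probes"], sorted(info["served"]))
```

Any name reported under `served` means the database password and WordPress secret keys in that file should be treated as disclosed and rotated, and the stray copy removed from the web root.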


News URL

https://go.theregister.com/feed/www.theregister.com/2022/05/18/microsoft-cryptomining-sysrv-k/
