Monero-mining botnet targets Windows, Linux web servers
The latest variant of the Sysrv botnet malware is menacing Windows and Linux systems with an expanded list of vulnerabilities to exploit, according to Microsoft.
The strain, which Microsoft's Security Intelligence team calls Sysrv-K, scans the internet for web servers that have security holes, such as path traversal, remote file disclosure, and arbitrary file download bugs, that can be exploited to infect the machines.
"A new behavior observed in Sysrv-K is that it scans for WordPress configuration files and their backups to retrieve database credentials, which it uses to gain control of the web server," the Microsofties wrote in a series of tweets.
"The two modules were in separate files in its early versions, but its developers have since combined the two. The worm module simply initiates port scans against random IPs to find vulnerable Tomcat, WebLogic, and MySQL services and tries to infiltrate the servers with a hard-coded password dictionary attack."
As the botnet evolved, more exploit code was added to enhance its worm capabilities.
The malware starts with a simple script file that deploys modules of exploits against potentially vulnerable targets.
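Because Sysrv-K looks for WordPress configuration files and their backups, a defender can audit a web root for the same files before a scanner finds them. The following is an added example, not code from Microsoft or the original article; the file-name patterns, issue labels and the sample tree are assumptions constructed for illustration.

```python
import os
import re
import stat

LIVE_NAME = "wp-config.php"
SHIPPED = {"wp-config-sample.php"}  # template distributed with WordPress, placeholders only
SECRET_RE = re.compile(rb"define\(\s*['\"](DB_PASSWORD|DB_USER|AUTH_KEY)['\"]")

def audit_webroot(webroot):
    """Return sorted (relative_path, issue) findings for config files under webroot."""
    findings = []
    for dirpath, _dirs, files in os.walk(webroot):
        for name in files:
            lowered = name.lower()
            if lowered in SHIPPED or not lowered.lstrip(".").startswith("wp-config"):
                continue
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, webroot)
            try:
                mode = os.stat(path).st_mode
                with open(path, "rb") as fh:
                    has_secrets = bool(SECRET_RE.search(fh.read(65536)))
            except OSError:
                findings.append((rel, "unreadable, check manually"))
                continue
            if lowered != LIVE_NAME:
                # Copies such as .bak/.old/.swp are not run as PHP, so the web
                # server may hand their source to any client that requests them.
                issue = "backup copy containing credentials" if has_secrets else "stray config copy"
                findings.append((rel, issue))
            elif mode & stat.S_IROTH:
                findings.append((rel, "live config is world-readable"))
    return sorted(findings)

def build_sample_site(root):
    """Create a constructed sample tree (no real data) to exercise the audit."""
    php = b"<?php\ndefine( 'DB_USER', 'example' );\ndefine( 'DB_PASSWORD', 'constructed-value' );\n"
    layout = {
        "wp-config.php": (php, 0o640),
        "wp-config.php.bak": (php, 0o644),
        ".wp-config.php.swp": (b"b0VIM constructed swap header", 0o644),
        "wp-config-sample.php": (b"<?php\ndefine( 'DB_PASSWORD', 'password_here' );\n", 0o644),
        os.path.join("blog", "wp-config.php"): (php, 0o644),
        "index.php": (b"<?php // front controller\n", 0o644),
    }
    for rel, (content, mode) in layout.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(content)
        os.chmod(path, mode)
    return root
```

Run `audit_webroot()` against the real document root on a schedule and treat any finding as a reason to remove the copy and rotate the database password it contained.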
News URL
https://go.theregister.com/feed/www.theregister.com/2022/05/18/microsoft-cryptomining-sysrv-k/