Hundreds of Microsoft SQL servers backdoored with new malware (Security News, October 2022)
Security researchers have found a new piece of malware targeting Microsoft SQL servers.
Named Maggie, the backdoor has already infected hundreds of machines all over the world.
Maggie is controlled through SQL queries that instruct it to run commands and interact with files.
Its capabilities extend to brute-forcing administrator logins to other Microsoft SQL servers and doubling as a bridgehead into the server's network environment.
The malware offers simple TCP redirection functionality, which allows remote attackers to connect to any IP address the infected MS-SQL server can reach.
At this time some details remain unknown, like the post-infection use of Maggie, how the malware is planted in the servers in the first place, and who is behind these attacks.