Hackers start using SambaCry to attack Linux computers
Previously, a 7-year-old remote code execution vulnerability in the Samba software (an implementation of the SMB network protocol) was disclosed; it allows hackers to take full control of remote Linux and Unix computers. For more details on this vulnerability (CVE-2017-7497) and how it works, read this article.
At that time, nearly 485,000 computers running Samba were potentially exposed on the Internet, and researchers predicted that SambaCry attacks could spread as widely as the WannaCry ransomware had before.
This prediction proved accurate when a honeypot (a decoy system of fake resources set up to attract attackers and keep them away from real systems) run by a research group at Kaspersky Lab caught a malware campaign exploiting the SambaCry vulnerability to infect Linux computers with a cryptocurrency miner. Another network security researcher, Omri Ben Bassat, independently discovered a similar campaign, called EternalMiner.
According to the researchers, the unknown hacker group began attacking Linux computers just a week after the Samba vulnerability was made public, installing an updated version of CPUminer, mining software used to mine the Monero cryptocurrency (XMR).
After infiltrating a computer through the SambaCry vulnerability, the attacker executes two payloads on the victim's computer:
- INAebsGB.so - a reverse shell that provides remote control for the attacker.
- cblRWuoCc.so - a backdoor that includes the CPUminer cryptocurrency mining tool.
"While the reverse shell remains in the system, an attacker can change the configuration of the running mining tool or infect the victim machine with other types of malware," the Kaspersky researchers said. Mining cryptocurrency can be expensive because it requires a large amount of computing power, but this type of malware makes it easy for cybercriminals to profit from hijacked resources.
You may also know Adylkuzz, mining malware that exploited the SMB vulnerability on Windows at least 2 weeks before the WannaCry attack. Adylkuzz also mined Monero using large amounts of computing resources on compromised Windows machines.
Attacked machines will consume a lot of computing resources
The attackers behind the SambaCry CPUminer campaign have earned 98 XMR, currently equivalent to $5,380, and this number will keep growing as the number of infected Linux machines increases. "On the first day, they earned about 1 XMR (equivalent to $55 at the exchange rate on June 8, 2017), but last week, they earned 5 XMR a day," the researchers said.
Samba has fixed the vulnerability in new versions 4.6.4 / 4.5.10 / 4.4.14 and recommends that anyone running a vulnerable Samba version patch as soon as possible.
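The following is an added example, not code from the article or from the Samba project, showing how an administrator can check whether an installed Samba release is at or above the fixed versions the article names. It assumes `smbd --version` prints a line containing an x.y.z version triple, that 4.4, 4.5 and 4.6 are the only branches that received a fix (older branches are reported as needing an upgrade to a fixed branch), and that branches newer than 4.6 already carry the fix; the sample version strings in the test are constructed.

```python
import re
import subprocess

# Fixed releases named in the article, keyed by (major, minor) branch.
# Assumption: these are the only branches with a fix; anything older must
# be upgraded to one of them, anything newer is assumed to include the fix.
FIXED_VERSIONS = {
    (4, 6): (4, 6, 4),
    (4, 5): (4, 5, 10),
    (4, 4): (4, 4, 14),
}

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract (major, minor, patch) from text such as 'Version 4.5.8-Debian'.

    Returns None when no x.y.z triple is present.
    """
    m = VERSION_RE.search(text)
    if not m:
        return None
    return tuple(int(x) for x in m.groups())


def assess(version):
    """Classify a parsed Samba version against the fixed releases.

    Returns 'patched', 'vulnerable', 'upgrade-branch' or 'unknown'.
    """
    if version is None:
        return "unknown"
    branch = version[:2]
    fixed = FIXED_VERSIONS.get(branch)
    if fixed is None:
        # Branch newer than any listed fix: assumed to carry the fix already.
        if branch > max(FIXED_VERSIONS):
            return "patched"
        # Branch older than 4.4: no fixed release listed, upgrade the branch.
        return "upgrade-branch"
    return "patched" if version >= fixed else "vulnerable"


def assess_version_string(text):
    """Convenience wrapper: parse and classify a version banner in one step."""
    return assess(parse_version(text))


def assess_local_smbd():
    """Run `smbd --version` on this host and classify the result.

    Returns 'unknown' when smbd is not installed or prints no version.
    """
    try:
        proc = subprocess.run(
            ["smbd", "--version"], capture_output=True, text=True, check=False
        )
    except FileNotFoundError:
        return "unknown"
    return assess_version_string(proc.stdout)


if __name__ == "__main__":
    print("local smbd:", assess_local_smbd())
```

One caveat when using this on real hosts: distributions such as Debian and Red Hat often backport security fixes without changing the upstream version number, so a result of "vulnerable" from the banner alone should be confirmed against the distribution's own package changelog before concluding the host is exposed. For hosts that cannot be patched immediately, the Samba security advisory for this issue also documents setting `nt pipe support = no` in the `[global]` section of smb.conf as a workaround (this is from the advisory, not from the article above), at the cost of some Windows client functionality.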