The malware operator earned $63,000 mining Monero on IIS servers

Researchers at ESET have just discovered this campaign. They say the attackers use CVE-2017-7269, a vulnerability in IIS 6.0 servers, to take control of the machines and install a Monero mining tool.

CVE-2017-7269 is a vulnerability in IIS's WebDAV service and was discovered at the end of March by two Chinese researchers. At that time it was still a zero-day vulnerability.

The two researchers also published proof-of-concept (PoC) exploit code on GitHub (https://github.com/edwardz246003/IIS_exploit) to help system administrators determine whether they are running an unpatched IIS 6.0 version.

The malware author did almost nothing

ESET indicates that the attackers use this PoC exploit code together with a scanning tool to find vulnerable IIS 6.0 servers. On those servers they run the exploit and then download the Monero mining tool.

[Image: More and more malware is mining cryptocurrency on users' machines]

Although it sounds impressive, ESET says the malware author did very little. The modifications to the exploit code are minimal, and the Monero mining tool is just a rebuild of the open-source project xmrig, version 0.8.2 (released on May 26, 2017).

'We do not know which scanning software the attackers use to find vulnerable machines, but there is a lot of sample code and exploit software available, so we think they do not have to do much,' said Michal Poslusny, a researcher at ESET.

The revision date of the mining tool and the xmrig update date are only a day apart, so the modification was probably neither time-consuming nor complicated. Still, the attacker made a lot of money.

Cryptocurrency-mining malware is on the rise

ESET says the attackers have been scanning for IIS 6.0 servers since the end of May and, after several interruptions, are still at it.

'Cryptocurrency-mining malware is not new, but it is skyrocketing because of many factors,' Poslusny said. Two of ESET's competitors have seen the same trend. In the past two weeks Kaspersky reported more than 1.65 million computers infected with cryptocurrency-mining malware in the first 8 months of the year, and IBM reported an increase in cryptocurrency-mining malware on enterprise networks. Browser-based mining is also spreading.

A patch is available

Windows Server users still running IIS 6.0 should install the Microsoft patch released in June (https://blogs.windows.com/windowsexperience/2017/06/13/microsoft-releases-additional-updates-protect-potential-nation-state-activity/ and https://blogs.technet.microsoft.com/msrc/2017/06/13/june-2017-security-update-release/). Microsoft released this patch even though Windows XP and Server 2003 reached end of life years ago.

The IIS 6.0 vulnerability exploited here is the same one targeted by the NSA's EXPLODINGCAN exploit, which the Shadow Brokers leaked in April. Microsoft's fix for it is KB3197835.

Sysadmins who cannot install the Microsoft patch can use a patch from another network security company: https://pages.ensilo.com/download-the-patch-for-esteemaudit-exploit
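A fleet check a sysadmin could run from a management host to find servers still on IIS 6.0 without KB3197835, as an added example that is not from the article or from ESET. The server names are placeholders, and the script assumes remote registry and WMI access to each host.

```powershell
# Added example: audit Windows servers for IIS 6.0 and for the KB3197835 fix
# named in the article. Server names below are placeholders; replace them.
$servers = @('SERVER01', 'SERVER02')

function Get-IisVersion {
    param([string]$Computer)
    # IIS records its version under HKLM\SOFTWARE\Microsoft\InetStp
    $base = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $Computer)
    $key  = $base.OpenSubKey('SOFTWARE\Microsoft\InetStp')
    if (-not $key) { return $null }   # IIS is not installed on this host
    $major = $key.GetValue('MajorVersion')
    $minor = $key.GetValue('MinorVersion')
    return [version]('{0}.{1}' -f $major, $minor)
}

foreach ($s in $servers) {
    try {
        $ver = Get-IisVersion -Computer $s
    } catch {
        Write-Output "$s : could not read remote registry ($($_.Exception.Message))"
        continue
    }
    if (-not $ver) { Write-Output "$s : IIS not installed"; continue }
    if ($ver.Major -ne 6) {
        Write-Output "$s : IIS $ver, not affected by CVE-2017-7269"
        continue
    }
    # Get-HotFix queries Win32_QuickFixEngineering on the remote host
    $fix = Get-HotFix -Id 'KB3197835' -ComputerName $s -ErrorAction SilentlyContinue
    if ($fix) {
        Write-Output "$s : IIS 6.0 with KB3197835 installed on $($fix.InstalledOn)"
    } else {
        Write-Output "$s : IIS 6.0 WITHOUT KB3197835 - patch, apply the third-party fix, or isolate"
    }
}
```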

