
Wednesday, 11 October 2017

ESET: your web server could be mining Monero behind your back

- Monero-mining malware exploits Microsoft vulnerability

- ESET urges Windows Server 2003 users to apply security updates

ESET, a global cyber security company, has discovered a malicious cryptocurrency miner on vulnerable Windows web servers. The malware mines Monero – a cryptocurrency alternative to Bitcoin. Microsoft has released an update, but many servers remain outdated, ESET said.

According to ESET, cybercriminals modified legitimate, open-source Monero mining software and exploited a known vulnerability in Microsoft IIS 6.0 to secretly install the miner on unpatched servers. The modifications were minor and could have taken just minutes to make, ESET states.

Money-making malware

Malware experts at ESET have reason to believe this operation has been happening since May 2017. During this time, the cybercriminals created a botnet of hundreds of infected machines and made over US$63,000 worth of Monero.

“While far behind Bitcoin in market capitalisation, there are a number of reasons why attackers are mining for Monero,” said Peter Kálnai, ESET Malware Researcher. “Features such as untraceable transactions and a proof of work algorithm called CryptoNight, which favours computer or server central processing units, make the cryptocurrency an attractive alternative for cybercriminals. Bitcoin mining, in comparison, requires specialised mining hardware.”

ESET points out that an operation requiring minimal skill and low operating costs can still produce significant outcomes.

In July 2015, Microsoft ended its regular update support for Windows Server 2003 and did not release a patch for this vulnerability until June of this year, when several critical vulnerabilities for its older systems were discovered by malware authors.

Despite the end-of-life status of the system, Microsoft did patch these critical vulnerabilities in order to avoid large-scale attacks such as WannaCry occurring once again. However, it has been well documented that the automatic updates do not always work smoothly, and this could impact the ability to keep Windows Server 2003 up to date.

“As a significant number of systems are still vulnerable, users of Windows Server 2003 are strongly advised to apply the security update, KB3197835, and other critical patches as soon as possible,” said Michal Poslušný, ESET Malware Analyst. “If automatic updates fail, we encourage users to download and install the security update manually to avoid falling victim to malicious attacks.”
