Questions about VMware ESXi servers exploit - [Thread Split]
<blockquote data-quote="ForgottenSeer 98186" data-source="post: 1024441"><p>ESXi is not a desktop environment. It is a hypervisor installed directly onto the hardware. So there is no user sitting in front of the box using it for things such as web browsing and email or file download and execution. There is no Windows installed onto ESXi. ESXi is a "server" that hosts VMware virtual machines. The virtual machines were not exploited, but the hosting ESXi subsystem itself.</p><p></p><p>ESXi servers were directly connected to the internet on port 427. The attackers sent specially crafted packets that performed a heap overflow, which is a memory exploit. Afterwards, they sent malicious code that was executed in memory and encrypted VMware file types on the ESXi system. Curiously, they did not encrypt the virtual machine files, but instead only the files which are needed to make it all work. This is a big part of the reason why a recovery script is available and works.</p></blockquote>
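The post's last point, that only the small control files were encrypted while the virtual disk data itself was left alone, is exactly what makes recovery feasible: if the `-flat.vmdk` extent is intact, the disk can be brought back by writing a fresh descriptor that points at it. The script below is an added illustration of that triage and descriptor rebuild; it is not code from the post, from VMware, or from any published recovery script. It assumes (the page does not say this) that the encrypted files were the `.vmx`, `.vmxf`, `.vmsd`, `.nvram` and the `.vmdk` descriptor, that the `-flat.vmdk` extents survived, and that an earlier scan has already decided which files are encrypted; the inventory, the file sizes, the `lsilogic` adapter type and the default hardware version are all constructed assumptions.

```python
"""Triage a ransomed ESXi VM folder and rebuild a VMDK descriptor.

Added illustration; not code from the original post, from VMware, or from
any published recovery script.  Assumptions not stated on the page:
  * the encryptor hit the small control files (.vmx, .vmxf, .vmsd, .nvram
    and the .vmdk descriptor) but left the large -flat.vmdk data extents
    untouched, which is the situation the post describes;
  * which files are encrypted has already been determined (the constructed
    inventory below simply marks them).
"""
from __future__ import annotations

import re
from dataclasses import dataclass

SECTOR = 512
HEADS, SECTORS_PER_TRACK = 255, 63     # geometry ESXi uses for lsilogic disks
CONTROL_EXT = (".vmx", ".vmxf", ".vmsd", ".nvram")
FLAT_RE = re.compile(r"^(?P<folder>.*/)?(?P<base>[^/]+)-flat\.vmdk$")


@dataclass
class Entry:
    size: int         # bytes
    encrypted: bool   # result of an earlier scan (assumed input)


# Constructed sample inventory of one VM folder; paths and sizes are made up.
INVENTORY = {
    "/vmfs/volumes/ds1/web01/web01.vmx": Entry(3_112, True),
    "/vmfs/volumes/ds1/web01/web01.vmxf": Entry(270, True),
    "/vmfs/volumes/ds1/web01/web01.vmsd": Entry(0, True),
    "/vmfs/volumes/ds1/web01/web01.nvram": Entry(8_684, True),
    "/vmfs/volumes/ds1/web01/web01.vmdk": Entry(540, True),   # descriptor
    "/vmfs/volumes/ds1/web01/web01-flat.vmdk": Entry(42_949_672_960, False),
    "/vmfs/volumes/ds1/web01/vmware.log": Entry(120_000, False),
}


def triage(inventory: dict[str, Entry]) -> dict[str, dict]:
    """For every -flat.vmdk extent, report whether the data survived and
    which control files in the same folder were encrypted."""
    report: dict[str, dict] = {}
    for path, entry in inventory.items():
        m = FLAT_RE.match(path)
        if not m:
            continue
        folder, base = m.group("folder") or "", m.group("base")
        descriptor = inventory.get(f"{folder}{base}.vmdk")
        hit = sorted(
            p[len(folder):]
            for p, e in inventory.items()
            if p.startswith(folder) and p.endswith(CONTROL_EXT) and e.encrypted
        )
        report[base] = {
            "flat_path": path,
            "data_intact": not entry.encrypted,
            "descriptor_needs_rebuild": descriptor is None or descriptor.encrypted,
            "encrypted_control_files": hit,
            # An intact data extent can be re-attached with a new descriptor;
            # encrypted .vmx/.nvram files only cost re-registration work.
            "recoverable": not entry.encrypted,
        }
    return report


def make_descriptor(base: str, flat_bytes: int, hw_version: int = 14) -> str:
    """Build a plain-text VMDK descriptor pointing at an existing -flat extent.

    Adapter type and the hw_version default are assumptions; take them from
    the VM's own settings (or a sibling VM) before using the result."""
    if flat_bytes <= 0 or flat_bytes % SECTOR:
        raise ValueError("flat extent size must be a positive multiple of 512")
    sectors = flat_bytes // SECTOR
    cylinders = sectors // (HEADS * SECTORS_PER_TRACK)
    return "\n".join([
        "# Disk DescriptorFile",
        "version=1",
        "CID=fffffffe",
        "parentCID=ffffffff",
        'createType="vmfs"',
        "",
        "# Extent description",
        f'RW {sectors} VMFS "{base}-flat.vmdk"',
        "",
        "# The Disk Data Base",
        "#DDB",
        "",
        'ddb.adapterType = "lsilogic"',
        f'ddb.geometry.cylinders = "{cylinders}"',
        f'ddb.geometry.heads = "{HEADS}"',
        f'ddb.geometry.sectors = "{SECTORS_PER_TRACK}"',
        f'ddb.virtualHWVersion = "{hw_version}"',
        "",
    ])


if __name__ == "__main__":
    for vm, info in triage(INVENTORY).items():
        print(vm, info)
        if info["recoverable"] and info["descriptor_needs_rebuild"]:
            print(make_descriptor(vm, INVENTORY[info["flat_path"]].size))
```

The point of splitting the work into `triage` and `make_descriptor` is that the first tells you which VMs are worth touching at all (no intact `-flat.vmdk`, no recovery) and the second does nothing more than the part that can be rebuilt from the surviving data: the extent size fixes the sector count and geometry, everything else in the descriptor is metadata you must confirm against the original VM's configuration rather than guess.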