© Provided by: pestaola.gr
ESET urges Windows Server 2003 users to install security updates to avoid falling victim to the latest cryptocurrency-mining attack.
More specifically, ESET has discovered a new threat in which intruders infect non-updated Windows web servers with a malicious cryptocurrency miner in order to mine Monero, a newer cryptocurrency and an alternative to Bitcoin. Microsoft has released a software update, but so far many servers have still not installed it.
To achieve their goals, the cybercriminals modified legitimate open-source Monero mining software and exploited a known vulnerability in version 6.0 of Microsoft IIS to secretly install the miner on servers without updates. In developing the malicious mining software, the criminals did not make any changes to the original open-source code base; they only added built-in parameters for the cybercriminals' wallet address and the mining pool URL. According to ESET, the cybercriminals could have completed this process in just a few minutes.
Malware that generates profits
ESET malware experts believe that this malicious activity has been going on since May 2017. During this time, the cybercriminals behind the campaign created a botnet of hundreds of infected machines and earned Monero worth over 63,000 US dollars.
“Although Bitcoin has lower market shares, there are several reasons why the attackers chose to extract Monero,” said Peter Kálnai, Malware Researcher of ESET.
“Showing features such as non-tradable transactions and a proof of work algorithm, known as CryptoNight, which is ‘more friendly’ to the central computer or server processors, Monero is an attractive alternative to cyber criminals. Bitcoin mining, on the contrary, requires specialized hardware for mining.”
Exploitation of vulnerabilities
This form of malicious activity shows how easily, with minimal capabilities and low operating costs, attackers can cause a major problem. In this case, it was sufficient to abuse legitimate open-source software for mining cryptocurrencies and to target old systems that may remain unpatched.
Microsoft ended regular update support for Windows Server 2003 in July 2015 and did not release a patch for this vulnerability until June this year, so malware creators identified several vulnerabilities in non-upgraded systems.
Although the system is at the end of its lifecycle, Microsoft has released patches for these critical vulnerabilities in order to avoid a recurrence of large-scale attacks such as the WannaCry campaign. However, automatic updates do not always work smoothly, and this could affect Windows Server 2003's ability to stay up to date.