The Cyber Security News

Microsoft warns of new botnet variant targeting Windows and Linux systems

May 16, 2022


Microsoft has warned businesses that its security researchers have encountered a new variant of the Sysrv botnet that supports more exploits and can gain control of web servers.

The botnet family has been observed since 2020 and is known to target Windows and Linux systems, installing Monero cryptocurrency miners.


The new variant, dubbed Sysrv-K, is wormable and scans the internet for vulnerabilities in web applications and databases to exploit and install itself, Microsoft said in a Twitter thread.

We encountered a new variant of the Sysrv botnet, known for exploiting vulnerabilities in web applications and databases to install coin miners on both Windows and Linux systems. The new variant, which we call Sysrv-K, sports additional exploits and can gain control of web servers.

— Microsoft Security Intelligence (@MsftSecIntel) May 13, 2022

Sysrv-K operates similarly to older variants in that it scans for secure shell (SSH) keys, IP addresses, and host names before attempting to spread copies of itself across the network.

The wormable nature of Sysrv-K is a concern for businesses running either Windows or Linux on internet-facing systems. Microsoft advised everyone to secure all internet-facing systems and patch known security vulnerabilities.

The vulnerabilities used by Sysrv-K are a mix of older and more recent threats and span many types, including path traversal, remote file disclosure, arbitrary file download, and remote code execution.

One of the new behaviours observed in Sysrv-K, and not in earlier variants, is its scanning of WordPress configuration files and their backups to retrieve database credentials.

Sysrv-K then uses these harvested credentials to take control of the web server, where it can use its upgraded communication tools, such as access to a Telegram bot.
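As an added illustration of how a defender might spot the configuration-backup probing described above (example code written for this article, not Microsoft's or the botnet's), the following Python checks web-server access logs for requests to backup copies of wp-config.php and reports which source addresses probed for them and whether the server actually served the file. The backup suffixes and the log lines are constructed assumptions, since the article does not list the exact file names probed.

```python
import re
from typing import Dict, List

# Constructed sample access-log lines in Apache/nginx combined format; not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [16/May/2022:10:01:02 +0000] "GET /wp-config.php.bak HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
203.0.113.7 - - [16/May/2022:10:01:03 +0000] "GET /wp-config.php~ HTTP/1.1" 404 196 "-" "Mozilla/5.0"
198.51.100.2 - - [16/May/2022:10:02:10 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [16/May/2022:10:02:11 +0000] "GET /blog/wp-config.php.old HTTP/1.1" 200 3120 "-" "curl/7.68.0"
198.51.100.2 - - [16/May/2022:10:03:00 +0000] "GET /wp-login.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""

# Parse the fields we need from a combined-format line: client IP, timestamp, method, path, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Assumed backup names that editors and admins commonly leave beside wp-config.php.
# The article does not list the exact names Sysrv-K looks for, so this set is an assumption.
BACKUP_RE = re.compile(r'/wp-config\.php(\.(bak|old|orig|save|swp|txt|zip)|~)$', re.IGNORECASE)


def find_config_backup_requests(log_text: str) -> List[Dict[str, str]]:
    """Return one record per request whose path looks like a wp-config.php backup."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        path = m.group("path").split("?", 1)[0]  # ignore any query string
        if BACKUP_RE.search(path):
            hits.append({"ip": m.group("ip"), "ts": m.group("ts"),
                         "path": path, "status": m.group("status")})
    return hits


def summarise_by_source(hits: List[Dict[str, str]]) -> Dict[str, Dict[str, int]]:
    """Count probes per source IP; a 200 means the backup was actually served (credentials exposed)."""
    by_ip: Dict[str, Dict[str, int]] = {}
    for h in hits:
        entry = by_ip.setdefault(h["ip"], {"probes": 0, "served": 0})
        entry["probes"] += 1
        if h["status"] == "200":
            entry["served"] += 1
    return by_ip


if __name__ == "__main__":
    for ip, counts in summarise_by_source(find_config_backup_requests(SAMPLE_LOG)).items():
        print(f"{ip}: {counts['probes']} backup probes, {counts['served']} served with HTTP 200")
```

A served backup (HTTP 200) is the case to treat as a credential exposure and rotate the database password, not merely block the source address.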

The Sysrv family

The Sysrv botnet family has been around since December 2020, but its activity first notably spiked around March 2021, prompting cyber security firms such as Juniper to analyse the attacks.

Since it first appeared, there have been various enhancements to Sysrv, such as compiling both the worm and the Monero miner into a single binary last year.

Juniper said combining the two would afford the threat actor “better control and management” as the binary is continually updated.

As part of the loader’s script, the SSH keys used in the latest variant were also only added last year, before activity began to surge. Researchers said this was another initiative used to gain greater persistence on target machines, which could lead to more sophisticated attacks than cryptocurrency mining.

An NHS Digital analysis of Sysrv concluded that the binary is written in Go, a cross-platform development language that is becoming increasingly popular among cyber criminals.

Sysrv prepares the infected system by removing any currently installed cryptocurrency miners before terminating services and modifying the system’s firewall.

It then installs the Monero miner – the type of miner may depend on the variant that infects a device – and looks for ways to move and spread laterally while the miner process runs.


Some elements of this article are sourced from:
www.itpro.co.uk
