
Monero cryptocurrency miner enslaves Windows Server 2003 systems in botnet

02 Oct 2017

A malicious cryptocurrency miner is causing havoc on Windows web servers worldwide, and those with unpatched systems are vulnerable to becoming part of a mining botnet.

ESET researchers report that the miner leverages a known vulnerability in Microsoft IIS 6.0 to covertly install the Monero cryptocurrency miner on unpatched servers.

Monero is an alternative cryptocurrency to Bitcoin. Since May 2017, cybercriminals have modified legitimate open source Monero mining software and installed it on the servers.

They then used it to create a botnet containing several hundred servers and mined more than AU$80,000 of Monero cryptocurrency.

While Microsoft has addressed the vulnerability CVE-2017-7269 in server updates, researchers say many servers remain outdated.

“As a significant number of systems are still vulnerable, users of Windows Server 2003 are strongly advised to apply the security update, KB3197835, and other critical patches as soon as possible,” comments Michal Poslušný, ESET malware analyst.

“It is a vulnerability in the WebDAV service that is part of Microsoft IIS version 6.0, the webserver in Windows Server 2003 R2,” researchers explain.

In 2015, Microsoft ended regular update support for Windows Server 2003; however, it did release a patch for this vulnerability in June 2017. This was only after malware authors spotted several critical vulnerabilities in its older systems, researchers explain.

However, automatic updates don’t always work, and this impacts the ability to keep Windows Server 2003 up to date.

“If automatic updates fail, we encourage users to download and install the security update manually to avoid falling victim to malicious attacks,” Poslušný continues.

The miner is also an example of how minimal skill levels and low operating costs can create functioning malware – in this instance, it was a combination of genuine software manipulation and unpatched systems that created the perfect environment for the Monero miner.

Researcher Peter Kálnai says there are many reasons why Monero is an attractive cryptocurrency for mining purposes, even though Bitcoin is worth more in the market.

“Features such as untraceable transactions and a proof of work algorithm called CryptoNight, which favours computer or server central processing units, make the cryptocurrency an attractive alternative for cybercriminals. Bitcoin mining, in comparison, requires specialised mining hardware,” he explains.

While the attackers were active around the end of August, there has been no further activity from them and no further infections reported. Attackers have already started losing machines within their botnet.

Researchers believe a new campaign will be launched in the near future.
