The attacker exploited the SambaCry vulnerability for virtual currency mining – Penetration Testing

According to foreign media reported on June 10, Kaspersky Lab researchers found that cybercriminals are using SambaCry Vulnerability (CVE-2017-7494) virtual currency mining operations.

SambaCry allows hackers to remotely control vulnerable Linux and Unix systems, but can only be used in certain situations, that is, to meet the networking to create files with shared port 445, configure write permissions when sharing files and files using known server paths , The attacker can remotely upload the specified malicious code and use the server to load the implementation.

SambaCry has network worm features, at least 485,000 computers worldwide have Samba vulnerabilities and are exposed to the Internet. According to the researchers speculated that the recent use of SambaCry the number of network attacks will increase rapidly. Kaspersky Labs researchers have found that a malware is using the SambaCry vulnerability to infect the Linux system and install an encryption mining tool when setting up honeypots. Once the Linux device suffers from a SambaCry vulnerability, the attacker will execute two different payloads in the target system:

INAebsGB.so – reverse shell, allowing remote attacker access to target system
cblRWuoCc.so – backdoor, including backdoor CPUminer with encrypted currency mining tool

The attacked system will become a “private mine” that specifically exploits the virtual currency for the attacker. In addition, through the reverse shell in the system, the attacker can also change the already running miners configuration, or use other malware to infect the victim’s computer. According to Kaspersky revealed that the attack behind the scenes black profit has been at least 5,380 US dollars. With the increase in the number of Linux systems being attacked, the income of cybercriminals will increase.

The post The attacker exploited the SambaCry vulnerability for virtual currency mining appeared first on Penetration Testing. http://ift.tt/2rQYwxm http://ift.tt/2aM8QhC

Anúncios

Deixe um comentário

Preencha os seus dados abaixo ou clique em um ícone para log in:

Logotipo do WordPress.com

Você está comentando utilizando sua conta WordPress.com. Sair / Alterar )

Imagem do Twitter

Você está comentando utilizando sua conta Twitter. Sair / Alterar )

Foto do Facebook

Você está comentando utilizando sua conta Facebook. Sair / Alterar )

Foto do Google+

Você está comentando utilizando sua conta Google+. Sair / Alterar )

Conectando a %s