One Article Review
| Source |  AlienVault Blog |
|---|---|
| Identifiant | 620723 |
| Date de publication | 2018-05-01 16:02:00 (vue: 2018-05-01 19:09:13) |
| Titre | MassMiner Malware Targeting Web Servers |
| Texte |
Written in collaboration wih Fernando Martinez
One of the biggest malware-trends of 2018 has been the increasing variety of crypto-currency malware targeting servers.
One family of mining malware, we’ve termed “MassMiner”, stands out as a worm that not only spreads itself through number of different exploits, but also brute-forces access to Microsoft SQL Servers. It surprised us how many different exploits and hacking tools it leverages in a single executable.
MassMiner spreads first within the local network, before attempting to propagate across the wider internet:
There are a number of different versions of MassMiner, and Honeypot data indicates they are continuing to spread:
An infected MassMiner machine attempting to spread, using an exploit for Apache Struts
This one site records infection attempts to their honeypots, most likely from infected systems, in the following countries:
It’s likely these numbers represent just a minority of the infected systems.
Reconnaissance
MassMiner includes a fork of MassScan, a tool that can scan the internet in under 6 minutes. The MassScan fork passes a list of IP ranges to scan during execution, which includes private and public IP ranges.
Exploitation
MassMiner then proceeds to run exploits against vulnerable systems, including:
|
| Envoyé | Oui |
| Condensat | > border:0;margin:0;padding:0; com/i/rss20 feedblitz malware massminer png servers style= targeting web |
| Tags | |
| Stories | |
| Notes | |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.