Cyber-security company ESET has discovered new malware on Windows Server 2003 web servers that, since May 2017, has earned its operators the equivalent of Sh6.5 million in mined Monero at the expense of the affected companies' servers.
The malware is a malicious cryptocurrency miner installed on the compromised servers to mine Monero, a newer cryptocurrency alternative to Bitcoin.
“To achieve this, cyber-criminals modified legitimate, open source Monero mining software and exploited a known vulnerability in Microsoft IIS 6.0 to covertly install the miner on unpatched servers,” ESET said in a statement to BIZNEWS.
ESET noted that, when creating the malicious miner, the criminals made no changes to the original open-source codebase other than adding hardcoded command-line arguments for the attacker's wallet address and the mining pool URL.
ESET notes that this could have taken the cyber-criminals just minutes to complete.
“While far behind Bitcoin in market capitalization, there are a number of reasons why attackers are mining for Monero,” ESET Malware Researcher Peter Kálnai said, adding that “Features such as untraceable transactions and a proof of work algorithm called CryptoNight, which favours computer or server central processing units, make the cryptocurrency an attractive alternative for cybercriminals. Bitcoin mining, in comparison, requires specialised mining hardware.”
This kind of operation shows how minimal skill and low operating costs can be enough to produce a significant payoff.
In this case it was achieved by misusing legitimate open-source mining software and targeting old systems that are likely to be left unpatched.
Microsoft ended regular update support for Windows Server 2003 in July 2015 and did not release a patch for this vulnerability until June 2017, when it issued fixes for several critical vulnerabilities in its older systems that malware authors were already exploiting.
Despite the system's end-of-life status, Microsoft patched these critical vulnerabilities to avoid a repeat of large-scale attacks such as WannaCry.
However, it is well documented that automatic updates do not always run smoothly, which can make keeping Windows Server 2003 up to date difficult.
“As a significant number of systems are still vulnerable, users of Windows Server 2003 are strongly advised to apply the security update, KB3197835, and other critical patches as soon as possible,” ESET Malware Analyst Michal Poslušný said, adding that “If automatic updates fail, we encourage users to download and install the security update manually to avoid falling victim to malicious attacks.”
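As an added illustration that is not part of the article or of ESET's research, the Python script below shows how an administrator might triage a Windows Server 2003 host for the two things the article describes: a running miner that carries a hardcoded wallet address and pool URL on its command line (the only change the attackers made to the open-source miner), and the KB3197835 update ESET advises installing. Every process listing, hotfix listing, wallet address and pool host in it is constructed for the example; the `stratum+tcp://` URL form and the Monero address length rules are general knowledge assumed here, not facts stated in the article.

```python
import re
from typing import Dict, List, Tuple

# Monero public addresses are base58 strings of 95 characters (standard
# addresses start with '4', subaddresses with '8'); integrated addresses
# are 106 characters and start with '4'. This is general Monero knowledge,
# assumed for the example, not something the article states.
_B58 = r"[1-9A-HJ-NP-Za-km-z]"
MONERO_ADDRESS = re.compile(
    rf"(?<!{_B58})(?:[48]{_B58}{{94}}|4{_B58}{{105}})(?!{_B58})"
)

# Pool endpoint in the stratum URL form used by common open-source CPU
# miners. The article only says "mining pool URL"; the scheme is an assumption.
POOL_URL = re.compile(r"stratum\+(?:tcp|ssl)://[A-Za-z0-9.\-]+:\d{2,5}", re.I)

# The update the article tells Windows Server 2003 administrators to apply.
REQUIRED_KB = "KB3197835"


def find_miner_indicators(cmdline: str) -> Dict[str, List[str]]:
    """Return wallet addresses and pool URLs found in one process command line."""
    return {
        "wallets": MONERO_ADDRESS.findall(cmdline),
        "pools": POOL_URL.findall(cmdline),
    }


def scan_processes(processes: List[Tuple[int, str, str]]) -> List[Dict]:
    """Flag processes whose command line carries a hardcoded wallet or pool.

    processes: (pid, image name, full command line) tuples, e.g. parsed from
    `wmic process get ProcessId,Name,CommandLine`. The image name is ignored
    on purpose: a miner renamed to svchost.exe still exposes its arguments.
    """
    findings = []
    for pid, image, cmdline in processes:
        hits = find_miner_indicators(cmdline)
        if hits["wallets"] or hits["pools"]:
            findings.append({"pid": pid, "image": image, **hits})
    return findings


def missing_updates(qfe_output: str, required: Tuple[str, ...] = (REQUIRED_KB,)) -> List[str]:
    """Given the text of `wmic qfe get HotFixID`, list required KBs that are not installed."""
    installed = {m.group(0).upper() for m in re.finditer(r"KB\d{6,7}", qfe_output)}
    return [kb for kb in required if kb.upper() not in installed]


def triage(processes: List[Tuple[int, str, str]], qfe_output: str) -> Dict:
    """Combine both checks into one report."""
    return {
        "missing_updates": missing_updates(qfe_output),
        "suspect_processes": scan_processes(processes),
    }


# Constructed sample data: the wallet, pool host and hotfix IDs are not real.
FAKE_WALLET = "4" + ("BWnEv3xK7jPq9mR5sTcZ" * 5)[:94]
FAKE_POOL = "stratum+tcp://pool.example.invalid:3333"
SAMPLE_PROCESSES = [
    (1480, "w3wp.exe", r'c:\windows\system32\inetsrv\w3wp.exe -ap "DefaultAppPool"'),
    (2212, "svchost.exe", r"c:\windows\system32\svchost.exe -k netsvcs"),
    # A miner dropped under a benign name; the flag names (-o, -u, -p) are
    # constructed, the detector keys on the values, not on the flags.
    (3904, "svchost.exe", rf"c:\windows\temp\svchost.exe -o {FAKE_POOL} -u {FAKE_WALLET} -p x"),
]
SAMPLE_QFE = "HotFixID\nKB1111111\nKB2222222\n"

if __name__ == "__main__":
    report = triage(SAMPLE_PROCESSES, SAMPLE_QFE)
    for kb in report["missing_updates"]:
        print(f"[!] {kb} not installed: download and install it manually if automatic updates fail")
    for f in report["suspect_processes"]:
        print(f"[!] pid {f['pid']} ({f['image']}) wallet={f['wallets']} pool={f['pools']}")
```

On a real host the two inputs would come from `wmic process get ProcessId,Name,CommandLine` and `wmic qfe get HotFixID`, both of which exist on Windows Server 2003. The process check deliberately looks only at command-line arguments, because the article's point is that the miner binary itself is unmodified open-source code: file hashes of a stock miner tell you little, while the wallet address and pool URL the attackers had to hardcode are the stable indicators.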