Miners of Virtual Currency Plant Malware on Web Servers
Security researchers recently noticed a new malware strain spreading on the Web. Dubbed RubyMiner, the malicious program targets outdated Web servers and mines cryptocurrency. Research published by Certego and Check Point, together with information Ixia provided to Bleeping Computer, reveals that the RubyMiner attacks began on January 9-10.
System administrators are being urged to watch their servers for hijacking attacks, because crooks are installing virtual currency mining malware on Windows and Linux computers globally. Security vendor Check Point said it found cyber-criminals hunting for flawed Web servers running Ruby and PHP in order to install malicious software on those types of computers.
The RubyMiner campaign attempts to plant the cryptocurrency miner XMRig, using the processing power of the target computer to mine the Monero virtual currency. Itnews.com reported this on January 16, 2018.
Stefan Tanase, a security researcher at Ixia, told Bleeping Computer that the RubyMiner attackers use a fingerprinting tool known as p0f to scan Web servers and spot Windows and Linux computers running outdated software. As soon as the attackers spot unpatched servers, they deploy well-known exploits to gain control of the vulnerable servers, which they then infect with RubyMiner.
According to Lotem Finkelstein, a security researcher at Check Point, the cyber-criminals are aiming attacks at Windows IIS servers; however, the malware's Windows version has not yet been obtained. The attack is quite distinctive: a particular website where the criminals concealed harmful instructions in a file named robots.txt had also been used in an earlier malware campaign, in 2013.
Separately, security vendor Certego also noticed a massive spike in Ruby HTTP exploitation by coin-mining criminals the previous week. Check Point said RubyMiner had infected some 700 servers, and it estimated the attackers' revenue at $540 by analyzing the wallet addresses it discovered in the customized XMRig miner that RubyMiner installs.
In conclusion, Check Point suggests that to stop the attacks described above, administrators should deploy the latest security patches on their servers and disable unused Windows or Linux systems on their networks.
» SPAMfighter News - 1/19/2018