SambaCry: mass attack on Linux systems

SambaCry : A vulnerability in Samba's facilities on Linux systems allows attacks for a huge cryptocurrency mining.

The actions of malicious users began about five days after the Samba development team announced the patch CVE-2017-7494, which fixes a vulnerability in all versions of Samba released by 2010.SambaCry Vulnerability

Because the vulnerability is exploitable through the SMB protocol and because the issue resembled the vulnerability used by the SMB WannaCry ransomware, some researchers started to report the bug like SambaCry or EternalRed.

On a technical level, a successful SambaCry exploit allows an intruder to open a "pipe" or a path to Samba's servers, upload malicious code and execute it. Depending on the skill level of the attacker, one could easily gain complete control of the server.

That is exactly what happened. Starting May 30, began running mass scans looking for vulnerable Samba file sharing servers.

After discovering Samba facilities, the attackers began to load and run malicious code on their victims' machines.

Attack is done with two malicious files: one is a remote shell with full root access, and the other one is a modified version of the popular crypto-currency mining application called cpuminer.

Experts from Kaspersky Labs who are following the attacks report that the crook or crooks behind this operation mined Monero crypto-coins using the Linux systems they managed to break.

Η των επιτιθέμενων ήταν εύκολη, επειδή κωδικοποίησαν τη διεύθυνση του Monero μέσα στον πηγαίο κώδικα του EternalMiner. Μέχρι τώρα οι ερευνητές αναφέρουν ότι οι hackers έχουν καταφέρει να εξορύξουν 98 Monero, περίπου 5.400 δολάρια στη σημερινή .

According to Rapid7 security researchers, since it became known the of SambaCry, on May 25 there were approximately 104.000 exposed computers on the Internet running vulnerable versions of the Samba software. The number has decreased as many administrators have updated their systems, but there are still many vulnerable servers that allow file sharing.

iGuRu.gr The Best Technology Site in Greecefgns

Subscribe to Blog by Email

Subscribe to this blog and receive notifications of new posts by email.

hackersI'm sureInternetKasperskylabslinuxpatchpiperansomwarerapid7remotesambaSMBvulnerabilitywalletWannaCryarchivesaddressversionattackresearchersmodeerror

Written by giorgos

George still wonders what he's doing here ...

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).