Hackers Started Using "SambaCry Flaw" to Hack Linux Systems
Remember the 7-year-old SambaCry flaw, which lets hackers access thousands of Linux PCs remotely?
Two weeks ago, we reported on an important, 7-year-old remote code execution vulnerability in the Samba networking software (an implementation of the SMB networking protocol) that allows a remote attacker to take full control of vulnerable Linux and Unix machines.
Read more: A 7-Year-Old Samba Flaw Lets Hackers Access Thousands of Linux PCs Remotely
At that time, about 485,000 Samba-enabled computers were exposed on the Internet, and researchers speculated that a Samba-based attack had the potential to spread as widely as the WannaCry ransomware.
The prediction proved accurate: a team of researchers from Kaspersky Lab has captured a malware campaign that exploits the SambaCry vulnerability to infect Linux computers with cryptocurrency-mining software.
Another security researcher, Omri Ben Bassat, independently discovered the same campaign and named it "EternalMiner".
After compromising the vulnerable machines using SambaCry vulnerability, attackers execute two payloads on the targeted systems:
- INAebsGB.so: a reverse shell that gives the attackers remote access to the machine.
- cblRWuoCc.so: a backdoor that bundles cryptocurrency-mining utilities (CPUminer).
Kaspersky researchers say:
"Through the reverse-shell left in the system, the attackers can change the configuration of a miner already running or infect the victim's computer with other types of malware."
Mining cryptocurrency is an expensive undertaking because it requires a large amount of computing power, but cryptocurrency-mining malware makes it cheap for cybercriminals by letting them use the computing resources of compromised systems to turn a profit.
"During the first day they gained about 1 XMR (about $55 according to the currency exchange rate for 08.06.2017), but during the last week they gained about 5 XMR per day," the researchers say.
The Samba maintainers have already patched the issue in Samba versions 4.6.4, 4.5.10 and 4.4.14, and are urging anyone running a vulnerable version of Samba to install the patch as soon as possible.
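The following is an added example, not code from the article, Kaspersky or the Samba project: a small Python check that reads an `smbd --version` line and reports whether the running upstream release is at or above the fixed version for its branch (4.6.4, 4.5.10, 4.4.14, the numbers given above). Everything else in it is an assumption: branches newer than 4.6 are treated as shipped with the fix, branches with no listed fixed release are treated as needing an upgrade, and the sample version strings are constructed for the demonstration.

```python
import re
import subprocess

# Fixed releases named in the article, keyed by (major, minor) branch.
FIXED_RELEASES = {
    (4, 6): (4, 6, 4),
    (4, 5): (4, 5, 10),
    (4, 4): (4, 4, 14),
}

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract (major, minor, patch) from text such as 'Version 4.5.8-Ubuntu'.

    Returns None when no dotted version number is present.
    """
    match = _VERSION_RE.search(text)
    if not match:
        return None
    return tuple(int(part) for part in match.groups())


def is_patched(version):
    """True if the upstream version is at or above its branch's fixed release.

    Assumptions (not from the article): branches newer than 4.6 already carry
    the fix; branches with no listed fixed release need an upgrade.
    """
    major, minor, _patch = version
    if (major, minor) > (4, 6):
        return True
    fixed = FIXED_RELEASES.get((major, minor))
    if fixed is None:
        return False
    return version >= fixed  # tuple comparison is lexicographic, as required


def classify(version_text):
    """Return a short verdict for one `smbd --version` output line."""
    version = parse_version(version_text)
    if version is None:
        return "unknown"
    return "patched" if is_patched(version) else "vulnerable-or-unsupported"


def classify_local_smbd():
    """Run the real `smbd --version` if it is installed; None if it is not."""
    try:
        out = subprocess.run(["smbd", "--version"], capture_output=True,
                             text=True, check=False).stdout
    except FileNotFoundError:
        return None
    return classify(out)


if __name__ == "__main__":
    # Constructed sample lines, not captured from any real host.
    samples = ["Version 4.5.8-Ubuntu", "Version 4.5.10", "Version 4.6.3",
               "Version 4.4.14", "Version 4.3.11", "Version 4.7.0"]
    for line in samples:
        print(f"{line:24} -> {classify(line)}")
    local = classify_local_smbd()
    print("local smbd:", local if local else "not installed")
```

Two caveats for anyone using this in practice: distribution packages frequently backport the fix without changing the upstream version number, so a verdict of "vulnerable-or-unsupported" on a distro build should be confirmed against the package changelog rather than acted on blindly; and the check only tells you about the daemon version, not whether the host was already compromised, so a machine that exposed Samba to the Internet before patching still deserves a look for unexpected `.so` files in writable shares and for unexplained CPU load from a mining process.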
So what do you think about this? Comment your thoughts below.