Discovered a malicious botnet targeting Windows and Linux servers globally for almost two years


2021-05-01 13:00:52

Due to the sharp increase in the transaction value of cryptocurrencies, especially Bitcoin, in recent times, the number of online systems worldwide attacked by cryptocurrency-mining botnets has also increased. Any poorly secured system can easily fall victim to such a botnet.

A prime example recently discovered is the case of a malicious botnet named WatchDog.

This botnet was discovered by Unit42, a dedicated team of security experts from Palo Alto Networks. WatchDog operates mainly in the field of cryptocurrency mining. It is worth noting that the botnet has been running malicious campaigns since January 2019 and was only discovered now, after a period of almost two years.

Going deeper into the analysis process, the researchers found WatchDog was written in the Go programming language, and recorded infections to both Windows and Linux systems.

The main targets of these botnet attacks are outdated enterprise applications. According to an in-depth analysis of WatchDog botnet activity published recently, Unit42 says that the operators behind the botnet run at least 33 different exploit methods targeting 32 security vulnerabilities located in enterprise software such as:

  • Drupal
  • Elasticsearch
  • Apache Hadoop
  • Redis
  • Spring Data Commons
  • SQL Server
  • ThinkPHP
  • Oracle WebLogic
  • CCTV

Based on clues obtained by analyzing the WatchDog malware binary, the Unit42 researchers estimate the current size of the botnet at between 500 and 1,000 infected systems, which is not a small number.

The illegal profits earned by this botnet are estimated at 209 Monero, or $32,000 at current exchange rates. However, the real figure is believed to be much higher, because the researchers focused solely on analyzing certain binaries, and the gang behind the botnet is believed to have used additional Monero addresses to collect the proceeds of its illicit mining.

The good news for Windows and Linux server owners around the world is that WatchDog is not yet on par with recent prominent crypto-mining botnets such as TeamTNT and Rocke. Those two botnets have added a slew of features that allow them to harvest AWS and Docker credentials from infected servers.

However, the Unit42 team warns that WatchDog is growing rapidly in both scale and danger. Without timely intervention, it is only a matter of time before the botnet becomes a serious force.

On infected servers, WatchDog typically runs with administrator privileges and can perform both credential scanning and credential collection without any difficulty.

To protect systems against this threat, the main advice for IT administrators is to update their systems and applications regularly. Timely patching prevents attacks that target old, already-fixed vulnerabilities.
