A malware developer working out of China is suspected of controlling and operating over 15k compromised Windows servers, which he used to generate cryptocurrencies, making almost $1,000 a day. The news is based on clues and data he left behind in his code. Researchers and tech analysts said that hackers could easily take full control of the botnet and use the infected servers for ransomware or for data extrusion (unauthorised transfer of data from a computer).
According to a report, security researchers at GuardiCore say that the malware developer named the botnet Bondnet, after his moniker bond007.01.
Wccftech further revealed that the developer had been at work since December 2016 and was focused on mining Monero, a cryptocurrency popular for criminal money-making activity. The botnet operator was generating revenue of nearly $1,000 per day, or more than 25,000 USD a month. Great! Well-known companies, colleges, universities, city councils and other public institutions were affected by the botnet.
The security firm reported that of around 20,000 machines, 15,000 were infected and reported daily to the command and control centre.
Asked how these servers were infected, security analysts revealed that the malware developer was clever enough to use several old and new exploits to target server machines.
The attacker uses a mix of old vulnerabilities and weak user/password combinations to primarily attack Windows Server machines. The attack vectors we uncovered include known phpMyAdmin configuration bugs, exploits in JBoss, Oracle Web Application Testing Suite, ElasticSearch, MSSQL servers, Apache Tomcat, Oracle Weblogic and other common services.