
Microsoft Security Describes New Botnet Targeting Windows System

Microsoft Security Intelligence says a new variant of the Sysrv botnet (Sysrv-K) is targeting Windows through a Spring Framework flaw.


Microsoft is warning Windows customers about a new variant of Sysrv that takes advantage of a flaw in the Spring Framework. By exploiting the vulnerability, the botnet installs cryptocurrency mining malware on Windows platforms as well as on Linux systems.

The researchers found the new Sysrv variant, which the company has named Sysrv-K. The variant was spotted scanning the internet for WordPress plugins with existing vulnerabilities. The botnet was also targeting a recently found remote code execution (RCE) vulnerability in the Spring Cloud Gateway (CVE-2022-22947).

This is a bug in VMware's Spring Cloud Gateway and also the Communications Cloud Native Core Network Exposure tool from Oracle. Security researchers with both organizations have given this flaw a critical rating.

Sysrv-K is especially dangerous because it can gain control of web servers. In a blog post, Microsoft Security Intelligence says the botnet scours the internet to find vulnerabilities in web servers. It exploits bugs that allow remote code execution, arbitrary file downloads, and other methods of attack.

Attack

When the exploit succeeds and the malware installs on a Windows or Linux system, the botnet deploys the cryptocurrency miner. Microsoft explains how Sysrv-K can copy itself to spread the attack:

“Like older variants, Sysrv-K scans for SSH keys, IP addresses, and host names, and then attempts to connect to other systems in the network via SSH to deploy copies of itself. This could put the rest of the network at risk of becoming part of the Sysrv-K botnet.”

Microsoft tells organizations to update their systems:

“We highly recommend organizations to secure internet-facing systems, including timely application of security updates and building credential hygiene. Microsoft Defender for Endpoint detects Sysrv-K and older Sysrv variants, as well as related behavior and payloads.”


Luke Jones
Luke has been writing about all things tech for more than five years. He is following Microsoft closely to bring you the latest news about Windows, Office, Azure, Skype, HoloLens and all the rest of their products.
