
Microsoft Security Describes New Botnet Targeting Windows System

Microsoft Security Intelligence says a new variant of the Sysrv botnet (Sysrv-K) is targeting Windows through a Spring Framework flaw.


Microsoft is warning Windows customers about a new variant of Sysrv that takes advantage of a flaw in the Spring Framework. By exploiting the vulnerability, the botnet installs cryptocurrency mining malware on Windows platforms as well as on Linux systems.

Microsoft Security researchers found the new Sysrv variant, which the company has named Sysrv-K. The variant was spotted scanning the internet for WordPress plugins with existing vulnerabilities. The botnet was also targeting a recently found remote code execution (RCE) vulnerability in the Spring Cloud Gateway (CVE-2022-22947).

This is a bug in VMware's Spring Cloud Gateway and also the Communications Cloud Native Core Network Exposure tool from Oracle. Security researchers with both organizations have given this flaw a critical rating.

Sysrv-K is especially dangerous because it can get control of web servers. In a blog post, Microsoft Security Intelligence says the botnet scours the internet to find vulnerabilities in web servers. It targets bugs through remote code execution, arbitrary file downloads, and other methods.

Attack

When an attack succeeds and the malware installs on a Windows or Linux system, the botnet deploys the cryptocurrency miner. Microsoft explains how Sysrv-K can copy itself to spread the attack:

“Like older variants, Sysrv-K scans for SSH keys, IP addresses, and host names, and then attempts to connect to other systems in the network via SSH to deploy copies of itself. This could put the rest of the network at risk of becoming part of the Sysrv-K botnet.”

Microsoft tells organizations to update their systems:

“We highly recommend organizations to secure internet-facing systems, including timely application of security updates and building credential hygiene. Microsoft Defender for Endpoint detects Sysrv-K and older Sysrv variants, as well as related behavior and payloads.”
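The SSH-based spreading and the "credential hygiene" advice quoted above can be checked on a host by looking at what its `.ssh` directory exposes: private keys stored without a passphrase and `known_hosts` entries that list host names and IP addresses in the clear. The following is an added example, not code from Microsoft or from this article; the function names and the sample data are hypothetical and constructed for illustration.

```python
import base64

MAGIC = b"openssh-key-v1\0"  # 15-byte header of the OpenSSH private key container

def key_is_encrypted(text):
    """True/False for a private key file, None if the text is not a private key."""
    if "PRIVATE KEY-----" not in text:
        return None
    if "BEGIN OPENSSH PRIVATE KEY" not in text:
        # Legacy PEM and PKCS#8 declare encryption in the armor itself.
        return "Proc-Type: 4,ENCRYPTED" in text or "BEGIN ENCRYPTED PRIVATE KEY" in text
    body = "".join(ln for ln in text.splitlines() if not ln.startswith("-----"))
    try:
        blob = base64.b64decode(body)
    except ValueError:
        return None
    if not blob.startswith(MAGIC):
        return None
    n = int.from_bytes(blob[15:19], "big")  # length of the cipher name that follows
    return blob[19:19 + n] != b"none"       # cipher "none" means no passphrase

def plaintext_hosts(known_hosts_text):
    """Host names and IPs readable from known_hosts; hashed '|1|' entries are skipped."""
    hosts = []
    for line in known_hosts_text.splitlines():
        fields = line.split()
        if fields and fields[0].startswith("@"):  # @cert-authority / @revoked marker
            fields = fields[1:]
        if fields and not fields[0].startswith(("#", "|1|")):
            hosts.extend(fields[0].split(","))
    return hosts

def audit(files):
    """files maps file name to text for one .ssh directory; returns the exposed items."""
    keys = [n for n, t in sorted(files.items()) if key_is_encrypted(t) is False]
    return {"unencrypted_keys": keys, "plaintext_hosts": plaintext_hosts(files.get("known_hosts", ""))}

def fake_key(cipher):  # constructed container header only, holds no key material
    blob = base64.b64encode(MAGIC + len(cipher).to_bytes(4, "big") + cipher + bytes(16)).decode()
    return f"-----BEGIN OPENSSH PRIVATE KEY-----\n{blob}\n-----END OPENSSH PRIVATE KEY-----\n"

SAMPLE = {  # constructed sample, not real files
    "id_deploy": fake_key(b"none"), "id_admin": fake_key(b"aes256-ctr"),
    "known_hosts": "db01.example.internal,10.0.0.5 ssh-ed25519 AAAAC3constructed\n"
                   "|1|c2FsdA==|aGFzaA== ssh-ed25519 AAAAC3constructed\n",
}

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Keys reported here can be given a passphrase with `ssh-keygen -p`, and existing `known_hosts` entries can be hashed with `ssh-keygen -H` (with `HashKnownHosts yes` in `ssh_config` for new ones).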


Luke Jones
Luke has been writing about Microsoft and the wider tech industry for over 10 years. With a degree in creative and professional writing, Luke looks for the interesting spin when covering AI, Windows, Xbox, and more.