A botnet named 'Vollgar' that targets Microsoft SQL Server for remote control and virtual currency mining is spreading; the attack source is China
Security company
The Vollgar Campaign: MS-SQL Servers Under Attack | Guardicore Labs
https://www.guardicore.com/2020/04/vollgar-ms-sql-servers-under-attack/
A crypto-mining botnet has been hijacking MSSQL servers for almost two years | ZDNet
https://www.zdnet.com/article/a-crypto-mining-botnet-has-been-hijacking-mssql-servers-for-almost-two-years/
WARNING: Hackers Install Secret Backdoor on Thousands of Microsoft SQL Servers
https://thehackernews.com/2020/04/backdoor-.html
The botnet, named 'Vollgar', breaches servers with password brute-force attacks targeting MS SQL, mines the virtual currency 'Vollar', and builds a backdoor in the OS that makes it possible to operate the server remotely. Vollgar's activity was first observed in May 2018, two years ago, and even at the time of writing, 2000-3000 servers were being infected with Vollgar every day. Guardicore reports that the countries most affected by Vollgar are China, India, the United States, South Korea and Turkey.
Of the servers infected with Vollgar, about 60% were able to remove it within two days, while 40% were not. In addition, removal may have been only partial in some cases, and 10% of infected servers seem to have been infected with Vollgar again. Guardicore explains that a server infected with Vollgar continues to behave normally, which makes the infection hard to notice.
On the server infected with Vollgar, a complete set of tools for IP scanning and brute force attacks and a
Guardicore recommends using strong passwords for MS SQL to avoid Vollgar infection. In addition, a PowerShell script that can determine whether a server is infected with Vollgar has been released on GitHub.
labs_campaigns/Vollgar at master · guardicore/labs_campaigns · GitHub
https://github.com/guardicore/labs_campaigns/tree/master/Vollgar
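The password brute-force entry described above leaves a trail in the SQL Server ERRORLOG. The following added example (not part of the article and not Guardicore's detection script) flags client IPs with a burst of failed logins and notes whether a successful login followed. The function name, threshold, window and sample log lines are assumptions constructed for illustration, and the success check assumes login auditing also records successful logins.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in SQL Server ERRORLOG format (documentation IPs, not real data).
_FAIL = ("{ts} Logon       Login failed for user '{user}'. Reason: Password did "
         "not match that for the login provided. [CLIENT: {ip}]")
_OK = ("{ts} Logon       Login succeeded for user '{user}'. Connection made "
       "using SQL Server authentication. [CLIENT: {ip}]")
SAMPLE_LOG = "\n".join(
    [_FAIL.format(ts=f"2020-04-01 03:10:{s:02d}.11", user="sa", ip="203.0.113.7")
     for s in range(0, 12, 2)]                       # six failures in ten seconds
    + ["2020-04-01 03:10:10.11 Logon       Error: 18456, Severity: 14, State: 8.",
       _OK.format(ts="2020-04-01 03:10:15.40", user="sa", ip="203.0.113.7"),
       _FAIL.format(ts="2020-04-01 09:00:00.00", user="app", ip="198.51.100.20"),
       _FAIL.format(ts="2020-04-01 09:30:00.00", user="app", ip="198.51.100.20")])

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\.\d+\s+Logon\s+"
    r"Login (?P<res>failed|succeeded) for user '(?P<user>[^']*)'\."
    r".*\[CLIENT: (?P<ip>[^\]]+)\]")

def find_bruteforce(log_text, threshold=5, window=timedelta(minutes=1)):
    """Return {client_ip: details} for clients with >= threshold failed
    logins inside any sliding window of the given length."""
    fails, oks = defaultdict(list), defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # e.g. the separate "Error: 18456" line
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        (fails if m["res"] == "failed" else oks)[m["ip"]].append((ts, m["user"]))
    report = {}
    for ip, hits in fails.items():
        hits.sort()
        start = 0
        for end, (ts, _) in enumerate(hits):
            while ts - hits[start][0] > window:
                start += 1  # drop failures that fell out of the window
            if end - start + 1 >= threshold:
                report[ip] = {
                    "logins": sorted({u for _, u in hits}),
                    # A success from the same client after the burst suggests
                    # the guessing worked and the server needs investigation.
                    "success_after_burst": any(t >= ts for t, _ in oks[ip]),
                }
                break
    return report
```

A flagged client with `success_after_burst` set is the case to escalate first, since it indicates the password was guessed rather than merely attempted.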
in Security, Posted by darkhorse_log